How to submit spam, and false-positive spam samples to SophosLabs

  • ID de l'article 23113
  • Mis à jour : 12 sept. 2014

Note:  This article explains how to submit spam email samples to SophosLabs.  For details on submitting malicious file samples see article 11490 or for website address (URL) reassessments see article 119440.


When sending email samples to SophosLabs - either spam that is not being detected or legitimate email that is incorrectly detected as spam - you should send the original email as an RFC-2822 attachment (i.e., the original email attached to a new email) to allow SophosLabs to fully analyze the sample.

Important: If you just forward the original email to SophosLabs content required for analysis will be lost.

This article explains how to submit your spam/not spam sample in the correct way.

What is RFC-2822?

RFC stands for 'Request for Comment' and is a publication of the Internet Engineering Task Force (IETF) and the Internet Society (official standards-setting bodies for the Internet). 2822 is the ID number for the RFC on Internet Message Format which documents the standards for how electronic messages are to be formatted.

Hence if you say the email sample is compliant with RFC-2882 then we know that all of the original information has been sent to us and we are able to carry out a full analysis.

Applies to the following Sophos product(s) and version(s)

Not product specific

What To Do

We have provided steps for Outlook, Thunderbird, Mac Mail, and advice for Lotus Notes.  

Microsoft Outlook

  1. First, make sure that your Outlook is configured to not send attachments as winmail.dat files as SophosLabs cannot parse those submissions. Microsoft has a knowledgebase article that describes what to do to ensure external recipients (such as Sophos) can read the attached messages.
  2. Create a new email message.
  3. Enter the 'To' email address.  It should be:
    • is-spam@labs.sophos.com - for email not detected as spam
    • not-spam@labs.sophos.com - for email that is genuine

  4. From your Inbox, select the sample email that you received (you must select the email, not the content) and drag then drop the selected item(s) into the new email.
  5. This will now be displayed as a new email with the sample email as an attachment.  Example:
  6. Send the email to SophosLabs at the address you selected above, with the subject line of your choice.

Mozilla Thunderbird

  1. Select the sample email.
  2. From the toolbar choose Message | Forward As | Attachment
  3. Enter the 'To' email address.  It should be:
    • is-spam@labs.sophos.com - for email not detected as spam
    • not-spam@labs.sophos.com - for email that is genuine

  4. Send the newly created email to SophosLabs at the address you selected above, with the subject line of your choice.

Mac Mail

  1. Select the sample email.
  2. Right-click the message and select 'Forward as Attachment'
  3. Enter the 'To' email address.  It should be:
    • is-spam@labs.sophos.com - for email not detected as spam
    • not-spam@labs.sophos.com - for email that is genuine

  4. Send the newly created email to SophosLabs at the address you selected above, with the subject line of your choice.

Lotus Notes

We cannot recommend a default method for attaching RFC-2822 messages in Lotus Notes but the following options are available.

Version 8.5.2:

In Lotus Notes v8.5.2 there is an option to save emails as .eml files. With the sample email message open, click File | Save As and select the .eml file extension.  You can then attach the saved message and to a new message and send that to the correct address:

  • is-spam@labs.sophos.com - for email not detected as spam
  • not-spam@labs.sophos.com - for email that is genuine

Version 8.5.1 (or lower):

  1. Open Lotus Notes and select the received spam mail in the Inbox.
  2. From the menu click File, Export.
  3. In the field, File name, type SPAMSAMPLE.TXT, then click Export.
  4. You will see a Structured Text Export window.
  5. In the section 'How Much to Export', select 'Selected Documents' and click 'OK'.
    Note: Leave all other settings as default.
  6. Now create a new mail and attach the file SPAMSAMPLE.TXT, and send it to:
    • is-spam@labs.sophos.com - for email not detected as spam
    • not-spam@labs.sophos.com - for email that is misclassified as spam

Other options:

  • Send the message direct to our Technical Support team:
    1. Create a new email message addressed to your support contact.
    2. Open the spam message, select View | Show | Page Source.
    3. Copy and paste the Page Source content into the new email.
  • Use the free third party enhancement software 'Open-NTF'. This adds a menu option, 'Forward MIME to RFC-2822', to the 'Tools' button. Use this to forward the email.

From other email clients

With other email client use the option 'Forward As Attachment' when possible.

Further information

  • If spam email samples are sent to either of the addresses above as RFC-2822 attachments they will be automatically processed by SophosLabs in the fastest possible time.
  • You will not receive feedback for emails messages sent to these addresses.
  • Samples sent to these addresses will not necessarily be considered to be, or detected as, spam.  SophosLabs will decide on the detection with regards to our entire customer base.

If you strongly believe that an item should be detected, open a ticket with our Technical Support team and attach the entire message source (text).

Related Articles

 
Si vous avez besoin de plus d'informations ou d'instructions, veuillez contacter le support technique.

Évaluez cet article

Très mauvais Excellent

Commentaires