Overview
The Commtouch email security solution delivers a high rate of spam detection. However, no solution is perfect and sometimes unsolicited or malicious messages are mistakenly approved and sent to the end-users (false negatives) or legitimate business and personal correspondence may be mistakenly identified as unsolicited or malicious (false positives). By reporting to Declude any cases of false negatives and, more importantly, any cases of false positives, it is feasible to improve the overall performance even further.
To identify the reason for the mistake, Declude must be allowed to analyze each report and, sometimes, to look into the actual filtered email. In the case of false negatives, the entire message is required for analysis, and the assumption is that privacy is not violated because the users consider the messages to be unwanted. Analyzing the entire message is known to help significantly in avoiding a repeat of the same mistake, but in the case of false positives, business confidentiality and privacy considerations must be applied. Therefore, you may also send the entire message for analysis, but where that is not applicable it is sufficient to forward to Declude only the RefID record of each message.
When sending filtered messages to Declude for analysis, it is important to note that the original messages must be attached to your email report rather than forwarded to Declude. This is to ensure that all the original message-headers will also be sent to Declude for analysis. Reports that do not contain the original message-headers will not be analyzed.
Spam classification errors should be reported to the following address: support@declude.com with the subject: CommTouch Classification Error
Declude is unable to analyze old messages because spam characteristics change dynamically over short periods of time, due to the nature of spam distribution methods. It is therefore highly important that you send reports about classification mistakes as soon as possible. As a rule of thumb, avoid sending reports that are older than one week.
Reports to Declude about Cases of False Negatives:
In order to analyze reports about cases of false negatives, Declude’s Monitoring team must review the actual email and determine why it was overlooked. Therefore, when reporting cases of false negatives you must include the original filtered email as a MIME attachment. Do not forward the original filtered email to Declude, because all the original headers may be lost.
The Subject line of your reports to Declude should include the following: FN Report <Your Company Name> <Date of submission>
When reporting cases of VOD false negatives, the original email must be archived in a password-protected ZIP file, to be unarchived by Declude with the password “infected”.
Reports Sent to Commtouch about Cases of False Positives:
In order to allow fast processing by Declude’s Monitoring team, your report to Declude about cases of false positives should follow a unique, predefined format. Note that some of the stages in analyzing your report are fully automated. If you do not comply with the following instructions, the response from Declude may be delayed.
The Subject line of your reports to Declude should include the following: FP Report <Your Company Name> <Date of submission>
There are only two ways to report cases of false positives to Declude: either send the RefID of each email within the body of the email report, one line per RefID record, or attach the original email containing the RefID record in a zip file. You may send mixed email reports containing both the list of RefID records and several other original emails as MIME attachments.
RefID records
RefID records are Declude’s references to the transactions between your application and Declude’s Detection Center, one per filtered message. The RefID is used by Declude for diagnostic purposes, to track the transaction and the reason for blocking. Without the RefID, Declude is unable to analyze the report. The RefID is passed from Declude’s embedded Detection Engine to your application, and typically your application adds it to filtered emails as a special x-header. The RefID may take a different format and structure depending on the version of the embedded Detection Engine.
When sending original filtered emails as MIME attachments, you may group and archive several messages within one or more ZIP file(s), but do not archive the messages in nested ZIP files. If you feel it necessary to protect the archive files with a password, you should declare the password in advance to your technical support agent at Declude and avoid changing the password too often.
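The two report forms described above, built with Python's standard email library, as an added example that is not Declude's own tooling. The header name X-Example-RefID, the sample message and the ISO date format in the subject are assumptions; substitute the x-header your application actually writes.

```python
from datetime import date
from email import message_from_bytes, policy
from email.message import EmailMessage

REPORT_TO = "support@declude.com"   # reporting address given on this page
REFID_HEADER = "X-Example-RefID"    # hypothetical; use the x-header your application adds

# Constructed sample of a filtered message (not real traffic).
SAMPLE = (b"Received: from mx.example.net by mail.example.org; 1 Jan 2024 10:00:00 +0000\r\n"
          b"From: a@example.net\r\nTo: b@example.org\r\nSubject: hello\r\n"
          b"X-Example-RefID: constructed-refid-0001\r\n\r\nbody\r\n")

def _new_report(kind, company, sender, when):
    report = EmailMessage()
    report["From"], report["To"] = sender, REPORT_TO
    # Subject layout from the page; the ISO date format is an assumption.
    report["Subject"] = f"{kind} Report {company} {(when or date.today()).isoformat()}"
    return report

def build_fn_report(company, sender, raw_messages, when=None):
    """False negatives: attach each original as message/rfc822 so its headers survive."""
    report = _new_report("FN", company, sender, when)
    report.set_content(f"{len(raw_messages)} original message(s) attached.\n")
    for i, raw in enumerate(raw_messages, 1):
        original = message_from_bytes(raw, policy=policy.default)
        report.add_attachment(original, filename=f"message-{i}.eml")
    return report

def build_fp_report(company, sender, raw_messages, when=None):
    """False positives, RefID-only form: one RefID per line, no message content."""
    refids = []
    for raw in raw_messages:
        refid = message_from_bytes(raw, policy=policy.default)[REFID_HEADER]
        if not refid:
            raise ValueError("no RefID header: this message cannot be reported by RefID")
        refids.append(str(refid).strip())
    report = _new_report("FP", company, sender, when)
    report.set_content("\n".join(refids) + "\n")
    return report

if __name__ == "__main__":
    print(build_fp_report("Example Corp", "postmaster@example.org", [SAMPLE]))
```

The RefID-only form sends no message content at all, which is the option the page offers when confidentiality rules out sending the original.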