Reporting Spam, Malware and Phishing

Document created by user.oxriBaJeN4 Employee on Sep 21, 2015Last modified by user.oxriBaJeN4 Employee on Mar 27, 2017
Version 7Show Document
  • View in full screen mode

At Mimecast, we encourage our customers to submit potential spam, malware and phishing examples for review. Using these submissions, the Mimecast filtering systems can learn from the analysis of these messages. The Mimecast Security Services team are able to update Mimecast's global reputation systems, create new anti-malware signatures, and update existing signatures. This collectively helps to improve the level of virus and spam detection.

 

Submitting Examples

Specific issues or queries that require a response should be sent to support@mimecast.com. The email addresses mentioned below are monitored, but no response will be received from Mimecast.

To submit an example:

  1. Log in to the Administration Console.
  2. Click on the Administration menu item. A menu drop down is displayed.
  3. Click on the Monitoring menu item for the queue containing the email.
    Emails with a Bounced, Deferred, Pending Delivery, or Rejected status cannot be reported as spam, malware or phishing.
  4. Right click on the email. A popup menu is displayed.
  5. Click on one of the following menu items:

    OptionAction
    Report as SpamThe example is sent to the Mimecast spam mailbox (spam@mimecast.org) for further  analysis.
    Report as MalwareThe example is sent to the Mimecast virus mailbox (virusreports@mimecast.org) but a support case must also be raised.
    Report as PhishingThe example is sent to the Mimecast phishing mailbox (phishing@mimecast.org) for further analysis.

 

The Block Senders policy can be used to block the sender should it be required.

 

Submitting Spam Examples

 

Spam examples must be sent in either .EML or .MSG format, and must not be forwarded. This ensures the original email can be analyzed with its full Internet message headers intact.

 

The best way to manually submit a spam example is to:

  1. Create a new message.
  2. Drag and drop the spam email into the new message, so it is added as an attachment.

 

Alternatively, use the mail application to save the email (usually located under File | Save As) as an .EML or .MSG format to a folder location, and attach the saved file to a new email.

 

Submitting Malware Examples

 

Files suspected to contain malicious payload, or have wrongly been identified as a malware can be submitted to Mimecast for analysis. All virus submissions must be compressed (or zipped) into an archive file, and password protected. The Messaging Security team will conduct analysis on submitted examples in a sandbox environment to determine whether any malicious payload is present.

 

Submitting Phishing Examples

 

Phishing examples must be sent in either .EML or .MSG format, and should not be forwarded. This ensures that the original email can be analyzed with its full Internet message headers intact. 

 

The best way to manually submit a spam example is to:

  1. Create a new message.
  2. Drag and drop the spam email into the new message, so it is added as an attachment.

 

Alternatively, use the mail application to save the email (usually located under File | Save As) as an .EML or .MSG format to a folder location, and attach the saved file to a new email.

 

Filtering Process

 

On a daily basis, messages that are clearly not malware are filtered out of the mailbox. This includes emails such as newsletters, and other email that has been subscribed to. The next step is to filter through the examples to detect global trends across all customers. From experience, Mimecast analysts are easily able to identify the types of spam, malware, and phishing, and whether these are company specific or related to a global issue.

 

Regular reports are also run to monitor the number of examples submitted to the mailbox, and the customer accounts they are coming from. If higher volumes are coming from a particular customer, a security review is conducted on the customer's Mimecast account. If necessary, the Security Services team will contact the administrator to discuss certain recommendations that will help to reduce malware.

 

Mimecast will not respond to each example that has been submitted, and does not provide customers with reports on their malware activity. This is because many examples submitted are not actually malware, or the same example is submitted by different users. This would distort the results of a report based on the number of submissions. However reports can be generated from your Mimecast account, for all email being sent from your end users to the mailbox email address.

4 people found this helpful

Attachments

    Outcomes