Reporting incorrectly identified spam

Owned by Barb Yantha, created
Last updated: Mar 17, 2023 by Rohan Raghavan
3 min read

You may find that some messages are incorrectly identified as Suspicious or put into the Junk Email folder, but are actually legitimate emails. You may also find emails in your Inbox that are not marked as Suspicious or not put into your Junk Email folder, but should be. You can report these to IST for correction.

Step-by-step guide

For incoming messages, you can alert IST by sending these messages as an attachment to soc@uwaterloo.ca.

For outgoing messages, you can alert the IST service desk by sending an email to helpdesk@uwaterloo.ca and we will work with you to determine the cause of the problem, and help implement a solution.

For Windows

To send a message as an attachment, select the spam message and press CTRL+ALT+F to create a new message, with the spam message saved as an attachment.

If using a Mac or Outlook Web Access

You can do this by creating a new email, and dragging the spam message into the new email.

About our “Tag and deliver” email message management approach

  • Identified and suspected Spam messages will be delivered to the recipient’s Junk Email folder. Recipients should now check their Junk Email folder when looking for missing or expected email messages.

  • If a message is identified as Spam in error, the recipient can move the message to their inbox. 

  • Spam tags may be added to the email subject line depending on the nature of the email message, e.g., [SUSPICIOUS]. See the list of spam tags and definitions below.

  • Any message that contains a malicious URL (using the web-based reputation score) will be quarantined and not delivered to the intended recipient. If required, a quarantined message can be retrieved within one month of being received. Please submit the request via the IST portal.

  • Any message that contains a URL suspected of being malicious will have the URL re-written to a Cisco proxy for additional verification. 

Spam tags and definitions

  • Any message that is identified as Suspect Spam, will be delivered to the recipient’s inbox, subject line not modified.

  • Any message in which the message is not scannable will have the message subject prepended with [NOT VIRUS SCANNED] and delivered to the inbox of the intended recipient

  • Any message that is identified as being sent from an imposter will have the subject prepended with [SUSPICIOUS] and a disclaimer added to top of the message with the following text:

“WARNING: The University's email security system has determined the message below may be a potential hoax/fake. If you are unsure of the sender, contact the IST Service Desk. Please do not respond or click any links in the message."

  • Any message that is considered zero-day (Outbreak) for non-viral (phish or scam) will have the subject line prepended with [SUSPICIOUS] and a disclaimer added to top of the message with the following text:

“WARNING: The University's email security system has determined the message below may be a potential threat. The message tricks victims into confirming a bank account change or transaction by calling a phone number and providing information. If you do not know the sender or cannot verify the integrity of the message, please do not respond or click on any links in the message. Depending on the security settings, clickable URLs may have been modified to provide additional security.”

Other important considerations

(It is very rare a legitimate message will be quarantined)

  • Any message that is identified as a virus will be quarantined and not delivered to the intended recipient. If required, a quarantined message can be retrieved within one month of being received. Please submit the request via the IST portal.

  • Any message that contains a malicious URL (using the web-based reputation score) will be quarantined and not delivered to the intended recipient. If required, a quarantined message can be retrieved within one month of being received. Please submit the request via the IST portal.

  • Any message that contains a URL suspected of being malicious will have the URL re-written to a Cisco proxy for additional verification. 

Future tagging considerations

  • All messages sent from an outside source will have the subject prepended with [EXTERNAL]. As there are multiple outside sources that are legitimate, this feature will be implemented at a later date to determine these sources.

Need help?

Contact the IST Service Desk online or 519-888-4567 ext. 44357.