To submit email samples to Forcepoint, attach the sample(s) to an email addressed to email-feedback@forcepoint.com. Samples sent to this automated response system are used to improve detection capabilities, and the submitter will receive an automated reply containing the current detection status of each sample email.

To submit email samples to Forcepoint Security Labs

1. In your email tool (such as Outlook, Gmail, etc.), create a new message to email-feedback@forcepoint.com.
2. Edit the subject line of the message to help you distinguish this submission from others.
   • This information is not used by Security Labs, however if you require the submission to be treated as a false positive, then the subject line must begin with [FP].
3. Attach up to 49 email samples to the message.
   1. Messages must be attached. Forwarding the message does not submit the required information and will result in an error response. 
   2. You can use "drag-and-drop" to attach the messages, if your email client supports it. Otherwise, use Forward as Attachment or Attach.
   3. You can pull messages from quarantine and save as a .zip attachment. (If it is likely that the .zip attachment will be blocked, password protect it with the password “infected”.) Any messages that have been downloaded from Forcepoint email security quarantine are automatically detected as false positives and processed accordingly.
   4. For information about pulling messages as attachments from Forcepoint products, see the obtaining messages from Forcepoint products section below.
   5. If you cannot use these other methods, save sample messages as .eml, .msg, or .zip attachments.
4. Send the email message to Forcepoint Labs. Within 30 minutes, you will receive a response containing a Submission ID and the Current Detection Status for each attached message you submitted.

Note Some spam false negatives initially passed as clean may already be re-classified by the time you submit them. The Current Detection Status in the response email will confirm the latest status. All submissions are re-scanned regularly for 7 days. If the initial response passes spam as clean, a later scan may change its status. 

For more information about a specific submission, raise a case with Forcepoint Support and refer to the Security Labs Submission ID.

To obtain messages from Forcepoint email security products

Note Any attached messages that have been downloaded from Forcepoint email security quarantine are automatically detected as false positives and processed accordingly.

Saving messages from Forcepoint Email Security Cloud

Sample emails must be attached from the end user's mailbox. Be sure to attach the original copy of the message (rather than a forwarded copy), as this retains the required header information.
 

Forcepoint Email Security On-Premises

(Optional) Change message retention settings

By default, messages that are clean and delivered are not retained. In this case, it is possible to download clean messages only if they are saved to a message queue.

However, you can change retention settings to save all messages -- including clean messages -- by activating the Message Archive Queue. To activate the Message Archive Queue:

1. Go to Settings > Inbound / Outbound > Message Control.
2. In the Message Archive Queue section, enable the Enable archive queue storage check box.
3. Save these settings.

Saving messages from Forcepoint Email Security On-Premises

1. From the Email Message queue, locate the messages to be downloaded.
2. Click the Subject line, click More Actions, and then click Download.
3. The zipped email messages will be downloaded by the browser.
4. Submit this .zip file as an attachment using the Submit Email Samples instructions above.