Jun 26 2021
07:43 AM
- last edited on
Feb 07 2023
08:08 PM
by
TechCommunityAP
Jun 26 2021
07:43 AM
- last edited on
Feb 07 2023
08:08 PM
by
TechCommunityAP
Hi
I have two legitimate message from sender at the largest Swiss ISP bluewin.ch that are considered "High Confidence Phish" and where thus quarantined.
I reported them as wrongly quarantined but the status is "Should have been blocked. Use your organizational settings to allow similar messages in the future."
After manual checking the messages I couldn't find any reason why those messages should be considered phishing. (Looking at one message I see: SPF pass, conversation between a group of people (multiple previous messages), no links where URL and text would contradict - the only issue are some embedded pictures (cid:image...@...) not being shown because one email client in the "chain" probably wasn't Outlook-compatible)
This creates a real problem for our organization because users have no option to realize that they have missed messages.
I want to avoid to modify filters and wonder what steps you recommend.
Thank you
Jun 27 2021 01:17 PM
SolutionJun 27 2021 02:10 PM
Hi! Check out this documentation for steps!
please write if you apply and will work
Jul 06 2021 02:12 AM
Jun 27 2021 01:17 PM
Solution