Sometimes a suspicious message will get past Impersonation Protection. Should this happen, you have multiple ways to report the email. We can then analyze it, learn from it, and improve Impersonation Protection for everyone.
Report with the Email Protection Outlook Add-In
You can utilize the Barracuda Email Protection Add-In and report missed attacks from the mailbox using the Add-In. If you would like more information on reporting emails using this method, see Using the Barracuda Email Protection Add-In.
Report with Email Gateway Defense
If you use the Barracuda Email Gateway Defense service, you can report emails from the message log using the Report as Incorrectly Delivered button when viewing the message options.
Report by Sending an Email
If you don't have access to the Email Protection Add-In and don't utilize Email Gateway Defense or Barracuda Incident Response, then you can send a sample of the missed attack to SentinelAnalysts_Team@barracuda.com.
Open Outlook in a web browser. Usually, you will navigate to http://outlook.office.com/ and log in with your credentials for your organization.
Click New Message.
Locate the suspicious email in the Inbox.
Click the suspicious email and drag it into the new, blank message. It appears as an attachment.
Add the following information:
To: SentinelAnalysts_Team@barracuda.com
Subject: Report Missed Attack, or something similar
Body: Optionally, add a note to the Impersonation Protection Analysts Team to provide additional information or context.
Click Send.
The Impersonation Protection team will send you an email, confirming receipt of your submission. At this time, we are unable to further follow up regarding emails reported via this method.
Why an Attack Might Be Missed
On somewhat rare occasions, an attack might pass by Impersonation Protection. Some of the reasons this might happen include:
The attack might have come through on a mailbox that is not using Microsoft 365. For information on what is protected, see Getting Started.
You recently purchased Impersonation Protection and it is still learning about your environment.
Each user is treated as an individual, based on their individual attributes. The same email might have been considered an attack and blocked for one user, and allowed through for another user.
The email might have been opened automatically in a mobile app before Impersonation Protection can get it from the main environment.
Gateway policies or DMARC might not be configured properly. For more information, refer to the Domain Fraud Protection Background section of this document.
Your Email Gateway Defense might have permissive inbound policies that allowed the email through. For information on updating your policies, refer to Inbound Filtering Policy in the Barracuda Email Gateway Defense documentation.