It seems like your browser didn't download the required fonts. Please revise your security settings and try again.

User-Reported Emails

  • Last updated on

You can view and create incidents based on emails that users report as suspicious. Be sure to read to the end of the article to learn about the ways that users can report the emails. 

Viewing the User-Reported Emails Page

To view the User-Reported Emails page:

  1. Open Barracuda Forensics & Incident Response, either from with Barracuda Control Center or by logging into
  2. From the menu, select User-Reported Emails.

Chart: Top 5 Reporters

This chart shows the five users in your organization who report the most emails as suspicious. You can use this chart to see their reporting records. At a glance, you can review whether the emails they are reporting actually require remediation. If there are fewer than five users in your organization who have reported emails, the chart shows all users who have reported suspicious emails. 

Each bar of the chart can contain multiple segments. Hover over each segment to see the exact number of emails it contains. 

  • Blue: Remediated – These emails were potential threats that became the basis of new incidents.
  • Green: Dismissed – The administrator determined these emails did not pose a threat and dismissed them.
  • Orange: Pending Review – The administrator has not yet reviewed these items. The administrator will determine whether these emails must be remediated or if they can be dismissed. 
Interpreting the Results
  • Users with large blue sections on their bar chart are more accurate in their reporting of suspicious emails. They are assets to your organization, helping to keep others safe. 
  • Users with large orange sections are reporting a lot of emails as suspicious, but many of these emails did not require remediation. You might choose to have these users learn more about common traits of suspicious emails, perhaps by reviewing videos included in Barracuda PhishLine

Viewing and Creating an Incident from User-Reported Emails

To View and Create an Incident from User-Reported Emails:

  1. Open the User-Reported Emails page, as described above.
  2. The table on the User-Reported Emails page displays information about suspicious emails that were reported by users, including:
    • Last Reported Date – The date the email was reported. If the same email was reported more than once, the most recent date it was reported. 
    • Number of Users Reported – How many unique users reported this email. Hover over this value to see the corresponding email address(es).
    • Sender Email – Email address for the sender of the suspicious email. 
    • Subject – Subject of the suspicious email. 
    • Affected Mailboxes – How many mailboxes in your organization also received this suspicious email. 
  3. Optionally, take action. 
    • To create an incident based on a user-reported email: Click Create Incident for that email. Follow the incident creation wizard steps as described in Creating an Incident. The relevant information from the email you selected is automatically entered into the search screen of the wizard.
    • To dismiss an incident because it appears to be innocuous: Click the X icon for that row of the table. That email item is removed from the table. To see user-reported email you have dismissed, click Show Dismissed above the table. To view User-Reported Emails again, click Show Submitted

Barracuda recommends:

  • First remediating emails with a warning symbol threatDetected.png, indicating a known threat.
  • Prioritizing remediating emails that affect multiple mailboxes.

Receiving Alerts for User-Reported Emails

You can configure the system to automatically send you alerts when a user reports a suspicious email. 

To create automatic alerts when a user reports a suspicious email:

  1. Open the User-Reported Emails page, as described above.
  2. Click the Settings icon gearIcon.png in the upper right corner of the screen. 
  3. Specify that you want to receive alerts.
  4. Specify whether you want to use the same email address for the security team members that you alert for other alerts. 
    If you choose to use the same email address, it will autofill for you. Otherwise, an email address to receive these alerts.
  5. Click Save

How Users Report Suspicious Emails

Users reporting email as suspicious must have the Microsoft REST API enabled. Without the Microsoft REST API enabled, any emails that user might report will not appear in the User-Reported Emails page of Barracuda Forensics and Incident Response.

From the Barracuda Outlook Add-In 

Within the Barracuda Outlook Add-In, users can report suspicious emails, as shown below. This allows end users to be active participants in reporting phishing and spearphishing emails. These reports go to Barracuda Central and Barracuda Forensics & Incident Response. Administrators of Barracuda Forensics & Incident Response can investigate these end-user reported emails, create incidents, and take corrective action.


For more information, refer to Barracuda Essentials for Email Security Outlook Add-In. A Barracuda Essentials account is not required for this functionality.

From the Barracuda Essentials Message Log

Note that a Barracuda Essentials Account is required for this functionality.

Administrators reviewing message logs within Barracuda Email Security Service might notice that there is suspicious email. Messages marked as Incorrectly Delivered are reported both to Barracuda Central and to Barracuda Forensics & Incident Response where they can be investigated.

To report email as incorrectly delivered, select a message in the Message Log and click Report as Incorrectly Delivered above the message preview.


For more information, refer to Understanding the Message Log in the Barracuda Email Security Service documentation.

Last updated on