If you know that an incoming email is legitimate, and not actually a spear phishing attack, you can report it as a false positive. Reporting false positives helps to improve Barracuda Sentinel's artificial intelligence. Emails that you deem to be legitimate are also transferred from quarantine back into the recipients' inboxes.
To report a false positive:
- On the RealTime AI page, in the Spear Phishing Attacks list, locate the email you think was a false positive. Click the More Details icon on the far right of the list to check the contents of the email.
- If you think this email is not actually a threat, click the Report False Positive icon on the far right of the list.
- Choose an action to take for this specific email.
- Do not whitelist this sender (recommended) – This is the safest option, since future emails from this sender will still be reviewed and not allowed to bypass security evaluation.
- Add the domain to my sender whitelist – This action is for all senders in a particular domain, not just a single sender.
Add the address to my sender whitelist – This action is for the single, individual sender who sent this email. This is the second safest option, because it only allows one individual sender to bypass security evaluation.
- Click Yes, Report False Positive.
The system will learn, improving its AI, based on your input.
You can also report false positives based on an account takeover alert. Refer to Account Takeover Alerts for more information.