LevelBlue Completes Acquisition of Cybereason. Learn more

LevelBlue Completes Acquisition of Cybereason. Learn more

Services
Cyber Advisory
Managed Cloud Security
Data Security
Managed Detection & Response
Email Security
Managed Network Infrastructure Security
Exposure Management
Security Operations Platforms
Incident Readiness & Response
SpiderLabs Threat Intelligence
View All Services
Solutions
BY INDUSTRY
BY REGULATION
BY TOPIC
Offensive Security
Solutions to maximize your security ROI
Operational Technology
End-to-end OT security
Microsoft Security
Unlock the full power of Microsoft Security
Securing the IoT Landscape
Test, monitor and secure network objects
Why LevelBlue
About Us
We reduce cyber risk and fortify organizations
Awards and Accolades
Recognition by analysts and media outlets
LevelBlue SpiderLabs
Global researchers, ethical hackers, and responders
LevelBlue Security Operations Platforms
Unprecedented security visibility and control
Security Colony
Access to cybersecurity threat protection resources
Partners
Microsoft Security
Unlock the full power of Microsoft Security
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Register
Login
Resources
BLOGS
UPCOMING
MEDIA & ASSETS
NOTICES
HELP
  1. Support
  2. MailMarshal Cloud
  3. Knowledge Base

FAQ: Reporting spam and false positives to LevelBlue

 

This article applies to:

  • SEG Cloud  

Question:

  • How do I report spam and false positives to LevelBlue? 
  • How do I report threat URLs to LevelBlue?

Reply:

There are a number of ways to report spam and false positives in SEG Cloud:

False Positives

False positives are valid messages that were quarantined as spam.

  • (Preferred) In Customer Console > Mail History, search for the email in question. Use the "Not Spam" button above the history list or in Message Viewer to report false positives.
  • Alternatively, send the email to NotSpam@marshal.com. Make sure the header info stays intact. This is best done by sending the email in question as an attachment of a new email.
    • Do not use "Forward" to send the email.
    • Using this address is the least valuable method, because some useful data is lost.

Missed Spam

  • Organizations that use Office 365 can use custom settings for the Microsoft Report button that is available in supported versions of Outlook. For more information about this solution, see article Q21236, Reporting Spam and Phishing to LevelBlue with the Microsoft Report Button.
  • The previous solution "Trustwave Spam Reporter" continues to work, but this option is deprecated and will be discontinued in the near future.
  • If you have a copy of the message (for example, in the Data Retention folder), then you can use a button in the Console. In Customer Console > Mail History, search for the email in question. Use the "Spam" button above the history list or in Message Viewer to report the message. 
  • If no other option is possible, you can send the email to Spam@marshal.com. Make sure the header info stays intact. This is best done by sending the email in question as an attachment of a new email.
    • Do not use "Forward" to send the email.
    • Using this address is the least valuable method, because some useful data is lost.

Blended Threat (Link Validator) URL reporting

Blended Threats protection is an additional option available in SEG Cloud.

You can report false positives from the Blended Threat (BTM) Link Validator, or threat URLs that you think should be blocked by BTM.

Notes:

  • Submissions are subject to automated and manual processes to improve accuracy of detection.
  • All submissions are considered and help to improve future detection. LevelBlue cannot provide a personalized response to each submission. LevelBlue does not guarantee filtering of any particular submitted message.
  • Spam is defined as unsolicited commercial mail.
    • Unwanted, but previously solicited, newsletters, marketing messages, mailing lists or auto-notifications are not considered spam and will not be filtered.

MailMarshal Cloud KB article Q20205

Last Modified: June 26, 2025

 Turn On Turn Off Highlight