The article describes the steps user or administrator can perform in situation when legitimate email was marked with spam score and, thus, quarantined or denied. We encourage users and administrators to report False Positive directly to McAfee.  

In order to submit false positive to McAfee, collect the following information and email it to SaaS_falsepositives@mcafeesubmissions.com:

  • Full content of the email(s). If email was denied by McAfee, request this information from the sender. 
  • Internet Headers. Read the Knowledge Base article on What Are Complete Headers? How Do I Get Them? for instructions how to get the headers. 
    Note: only received messages contain headers. It is not possible to get headers from emails which were rejected.
  • Information about email: Sender, Recipient, Subject, Date/Time the email was sent.
  • The bounce back message, if presented.
  • If the false positive evaluation is happening to multiple senders on regular basis, additionally include: how long ago the issue started, approximate percentage of how many email are denied/quarantined, whether the denied/quarantined emails sent by some specific domain or by random ones.   
  • Administrators on accounts with McAfee Advanced Plan and higher may also include results of Message Audit for affected emails. Read the Knowledge Base article on McAfee: Message Audit for more details.
  • McAfee recommends to verify whether sender's signature affect the rejection: ask sender to resend denied email without signature, and add this test's results to your report.

Submissions to the SaaS_falsepositives@mcafeesubmissions.com address are received directly and evaluated by our Messaging Security team to find indications of rules that need to be modified and adjusted.

Note: depending on your Policy settings, some false positives could be not "false" ones. Prior submitting report to McAfee, read the Knowledge Base articles about the most common denial reasons: