It is possible to send samples of unsolicited bulk email messages (spam) to Fortinet FortiGuard service for analysis, using an email address alias firstname.lastname@example.org .
However, some FortiMail customers (typically with a larger user base) have an internal email alias, responsible for receiving spam samples from internal users. In such cases, this alias is also directly responsible to aggregate and submit spam to FortiGuard for further analysis.
However, as a direct result of this particular operational flow, it is often impossible to properly complete an automated spam analysis of the forwarded spam sample, because the original spam message is encapsulated as an attachment into another email message, and this message is again included as an attachment of the final message, sent to FortiGuard.
To highlight the example scenario:
1. Enterprise customer: Company with a domain name example.com has an internal spam-report email alias Spam@example.com, which is used company-wide by internal users to report spam. The original spam message is sent as an Outlook attachment/item to this alias.
2. Spam@example.com will then take that message (including the attachment) from its Inbox, attach the whole message again as an Outlook attachment/item to a new message, and send it to FortiGuard at email@example.com .
Submitting spam samples directly to FortiGuard team is a process defined at the following link: http://www.fortiguard.com/static/antispam.html
However, in the scenario above (step 1, followed by step 2), FortiGuard systems do have issues parsing the nested submissions properly, since the original spam message is nested within two email messages at the time of receipt by FortiGuard.
As a standard, the FortiGuard Spam Collection Engine assumes that RFC822 MIMEs in the first level contain the original spam email message, so nested / double-attached spam samples (as would be the case in the above example) cannot be parsed properly. If the scenario above reflects your Spam management process, please contact your Fortinet TAC/TAM representative. Fortinet will need to make accommodations to properly parse your Spam submission.
In other words: If your Spam submission process looks like this:
Spam admin @ example.com - - > Submits spam sample to Fortinet
with email from - - > Internal end Users
with Spam sample (s) - - > Attached
In these cases, Fortinet will need to make special accommodations to properly parse the spam submissions. In other words, if there is a Central Spam collection alias for your company, responsible for aggregating and submitting spam samples from your internal customers and/or end-users, please let your TAC and/or TAM representative know about your Operational Model so that we can properly parse your spam submission.
To confirm, If you are sure the customer will always send double-attached emails to submitspam@, please send the "sender's email address" to firstname.lastname@example.org, my team will take action to change the config and then always parse the double-attached emails from that sender.We will not accept the customers' request directly, please send the request by Fortinet engineer.