| Description | This article describes a procedure to investigate cases where spam emails are not correctly detected and filtered by FortiMail. It explains how to analyze session information and cross-search logs to determine the reason why spam classification did not occur as expected. |
| Scope | This procedure applies to administrators and support engineers who manage FortiMail instances and need to investigate missed spam detection incidents. The steps apply to FortiMail environments using FortiGuard AntiSpam services. |
| Solution |
The ESMTP ID will appear as 326Gwolv024043-326Gwolx024043. It is recommended to search using only the first part, 326Gwolv024043, as it yields better results.
Check the reason recorded in the cross-search log. For example:
STARTTLS=server, relay=****.**.****.jp [***.***.***.***], version=TLSv1.2, verify=NO, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256/256 from=<*******=************=2jr0ird=424=****.****=********.*****@****. FortiGuard-AntiSpam identified spam IP: **.**.**.**, score: 3 to=****.********@********.*****, mailer=bulk, stat=sent
In this case, 'FortiGuard-AntiSpam identified spam IP: **.**.**.**, score: 3' indicates that the email is judged as spam based on the IP address. |
Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Spring Badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Support Forum
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiADC
- FortiAIOps
- FortiAnalyzer
- FortiAP
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEdgeCloud
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiGuest
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiPresence
- FortiSRA
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiScan
- FortiSandbox
- FortiSASE
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiWAN
- FortiToken
- FortiVoice
- FortiWeb
- FortiAppSec Cloud
- RMA Information and Announcements
- Lacework
- Wireless Controller
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
FortiMail
FortiMail provides advanced, multi-layer protection against the full spectrum of email-borne threats
- Fortinet Community
- Knowledge Base
- FortiMail
- Technical Tip: How to check for missed spam emails...
Options
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2025 Fortinet, Inc. All Rights Reserved.