Created on 02-25-2013 09:01 AM Edited on 06-02-2022 09:24 AM By Anonymous
Description
It is possible to send samples of unsolicited bulk email messages (spam) to the Fortinet FortiGuard service for analysis, using the email address submitspam@service.fortinet.com.
Some FortiMail customers (typically those with a larger user base) have an internal email alias that receives spam samples from internal users. In such cases, this alias is also responsible for aggregating and submitting spam to FortiGuard for further analysis.
As a direct result of this operational flow, it is often impossible to complete an automated analysis of the forwarded spam sample, because the original spam message is encapsulated as an attachment in another email message, and that message is in turn included as an attachment in the final message sent to FortiGuard.
To highlight the example scenario:
1. Enterprise customer: A company with the domain name example.com has an internal spam-report email alias, Spam@example.com, which is used company-wide by internal users to report spam. The original spam message is sent as an Outlook attachment/item to this alias.
2. Spam@example.com then takes that message (including the attachment) from its Inbox, attaches the whole message again as an Outlook attachment/item to a new message, and sends it to FortiGuard at submitspam@service.fortinet.com.
Scope
Solution
The process for submitting spam samples directly to the FortiGuard team is defined at the following link: http://www.fortiguard.com/static/antispam.html
Method 1:
Method 2:
Set Outlook to forward email as original attachment by
From now on, you can simply click the "Forward" button in Outlook and enter submitspam@service.fortinet.com in the "To:" field to submit a spam sample.
---
However, in the scenario above (step 1, followed by step 2), FortiGuard systems have issues parsing the nested submissions properly, because the original spam message is nested within two email messages by the time FortiGuard receives it.
As standard behavior, the FortiGuard Spam Collection Engine assumes that the RFC822 MIME parts at the first level contain the original spam email message, so nested / double-attached spam samples (as in the above example) cannot be parsed properly. If the scenario above reflects your spam management process, please contact your Fortinet TAC/TAM representative. Fortinet will need to make accommodations to properly parse your spam submissions.
In other words, if your spam submission process looks like this:
Spam admin @ example.com --> Submits spam sample to Fortinet
with email from --> Internal end users
with spam sample(s) --> Attached
In these cases, Fortinet will need to make special accommodations to properly parse the spam submissions. In other words, if there is a central spam collection alias for your company, responsible for aggregating and submitting spam samples from your internal customers and/or end users, please let your TAC and/or TAM representative know about your operational model so that we can properly parse your spam submissions.
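The following is an added example, not part of the original Fortinet article or any Fortinet tooling: a Python check that a central spam alias could run on an outgoing submission to report at which attachment level the original sample sits. It assumes samples are attached as message/rfc822 parts (Outlook .msg items are not covered); the helper names, the sample message and the spam.invalid address are constructed.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

def embedded(msg):
    """Messages attached to msg as message/rfc822 parts (looks inside multipart/*)."""
    found = []
    for part in msg.iter_parts():
        if part.get_content_type() == "message/rfc822":
            found.append(part.get_payload(0))
        elif part.is_multipart():
            found.extend(embedded(part))
    return found

def sample_depths(msg, depth=1):
    """(depth, subject) of each innermost attached message; depth 1 = first level."""
    out = []
    for inner in embedded(msg):
        # If the attached message carries further attachments, the sample is deeper.
        out.extend(sample_depths(inner, depth + 1) or [(depth, str(inner["Subject"]))])
    return out

def check_submission(raw):
    """Parse raw bytes of an outgoing submission and locate the attached samples."""
    return sample_depths(message_from_bytes(raw, policy=policy.default))

def wrap(inner, sender, rcpt, subject):
    """Forward `inner` as an attachment (constructed helper for the demo)."""
    outer = EmailMessage()
    outer["From"], outer["To"], outer["Subject"] = sender, rcpt, subject
    outer.set_content("Forwarded as attachment.")
    outer.add_attachment(inner)
    return outer

# Constructed sample data: a fake spam message and the two submission flows.
FORTIGUARD = "submitspam@service.fortinet.com"
spam = EmailMessage()
spam["From"], spam["To"], spam["Subject"] = "sender@spam.invalid", "user@example.com", "You won"
spam.set_content("Constructed spam body.")
report = wrap(spam, "user@example.com", "Spam@example.com", "FW: spam report")
direct = wrap(spam, "Spam@example.com", FORTIGUARD, "Spam submission").as_bytes()
nested = wrap(report, "Spam@example.com", FORTIGUARD, "Spam submission").as_bytes()

if __name__ == "__main__":
    for name, raw in (("direct", direct), ("nested", nested)):
        for depth, subject in check_submission(raw):
            print(f"{name}: sample {subject!r} at level {depth}",
                  "(ok)" if depth == 1 else "(nested too deep)")
```

A depth greater than 1 corresponds to the double-attached flow described above. A sample that itself carries an attached email would also report a deeper level, so treat the result as a prompt to inspect the submission rather than a verdict.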