AntiSpam products such as McAfee AntiSpam should provide extremely high spam and phish detection rates, but even with Streaming Updates enabled, you may occassionally recieve an unwanted spam message. The chances are high that the McAfee AntiSpam team will also recieve the missed spam from our extensive collection of spam honeypots, but submitting missed spam is worthwhile and can help improve detection rates as customer samples are processed, reviewed and added to our ruleset where appropriate.
McAfee provides a free plug-in for Microsoft Outlook to simplify sending any missed spam samples. Samples can also be submitted from Lotus Notes, and manually using other email clients. It is important to send the complete message, including the message headers, wherever possible, as the mail headers contain valuable information that can be used to detect spam.
Spam and phishing emails can be sent to McAfee using the following processes:
How to submit a spam or phish sample using the McAfee Spam Submission Tool
The McAfee Spam Submission Tool is a small plug-in for Microsoft Outlook that allows missed, or low scoring, spam messages and incorrectly identified non-spam messages to be quickly and easily sent to McAfee for analysis.
The Spam Submission Tool can be downloaded from the
Free Tools section of the following URL:
It is also posted in Avert Tools sites
NOTE: NEW RELEASE - Version 2.2 (2.2.414) of McAfee Customer Submission Tool is now available for download. New Features include:
- Exchange 2007 mail environment support.
- Outlook 2007 support.
Follow the included installation instructions to install the Spam Submission Tool. After the Spam Submission Tool is installed, two additional icons are displayed in the Outlook Toolbar.
- To submit a spam/phish message that was not detected with the latest rule set, select the spam/phish message and then click the Submit Spam or Phish Sample icon on the toolbar.
- To submit a message that was incorrectly detected as a spam/phish message with the latest ruleset, select the message and then click the Submit Non-Spam Sample icon.
- Messages larger than 1 MB in size can not be submitted via the Tool.
For addition information refer to the Customer Submission Tool product guide (cst_20_product_guide_en.pdf) which is also available in several languages from:
Submitting samples from IBM Lotus Domino Servers / Lotus Notes Clients
Follow the advice documented in article: KB54323 - Collecting Spam samples for issues incurred on Lotus Domino servers and Notes Clients.
Manually submitting missed spam
The analysis of messages to identify spam does not solely rely on the body text of the message. The header and message construction allows us to review and design accurate language independent detection to further the effectiveness of the product. Wherever possible, the complete message including original headers is required. One of the benefits of the McAfee Anti-Spam technology is its language independent analysis of the message construction and headers. A forwarded message loses much of this vital information, so attach the original spam message to a new message when sending it.
IMPORTANT: Any spam messages should have the whole message saved or exported as an attachment, and then attached to a new message for submission to McAfee for analysis. Please ensure mail is submitted by (or from) a mail administrator should we need to contact you. Auto-forwarded emails will be automatically discarded.
Manually submitting False Positives
NOTE: The mailboxes for spam submission are not for support queries.
A false positive is a spam detection for an item which is actually legitimate. False positive detections should be sent to the email address below:
NOTE: Clicknet.com is a domain owned by McAfee Inc.
It is extremely unlikely that we would need to contact someone in relation to a submitted sample, however it is recommended that any submissions are sent from a legal email address (not an alias) and include contact information including the company name and telephone number(s).
Submitting missed or low scoring spam manually
For items which are actually spam but failed to be captured by a McAfee product either due to a new method of spam delivery, or where the spam detection rules were insufficient to trigger the appropriate response (for example, scored 4.9 or less), use the following email address: