Report Spam Messages

Help! I received a spam message!

Your first reaction when you receive spam might be to blacklist the sender but in order to reliably block similar messages, the best course to take is to report those messages to our Rules Engineering team. Getting us these samples gives us all the information we need to adjust our filters to correct the situation.

It is imperative for our team to receive the original email with the headers so that we can diagnose what happened and test our fix.

In order to optimize throughput, our rules engineers do not generally respond to spam samples that have been reported to us. If you want an analysis for a specific spam sample, please contact our technical team.

Reporting spam with Office 365 Reporting spam with Microsoft Outlook
Reporting spam with other mail clients

Reporting spam with Office 365

If you are using Office 365 to manage your users, we provide an add-in that can easily be deployed across your organization. The add-in gets installed in the Outlook client as well as the Outlook web interface.


Log in to the Office 365 administration portal with a global admin account. Go to the Admin section. Then, Settings->Add-ins.


Click + Deploy Add-in.


Choose upload custom apps and input the following URL:


Before completing you will be asked to specify deployment options. Decide to deploy the Add-In for everyone or specific users/groups as well as the deployment method (Fixed, available, optional).

Be aware that it can take up to 12 hours for the add-in to deploy across your whole organization.

Authorize the add-in for all users

This step is optional but will permit a flawless deployment. Without this step, upon first interaction with the add-in, users will be invited to authorize permissions.

While connected as a global admin.

Go to Azure Active Directory

Choose Enterprise applications.

Select and click on Spam Reporting in the list.

In the left side menu, go to Permissions.
Click on Grant admin consent for ZEROSPAM SECURITE INC. 
You will be invited to authorize the add-in on behalf of all users.

Reporting spam with Microsoft Outlook

Users of Microsoft Outlook can download a plugin that will enable them to report false negatives to us with a single click. This plugin installs a button in Microsoft Outlook that allows you to automatically report undetected spam messages to the right email address with all the information required for analysis.

There are two versions of the Outlook plugin: Version A for single user computers and the Citrix Version for multi-user computer stations or stations in a Citrix environment.

Single User Computer

Select the appropriate installer according to your version of Outlook:

For Outlook 2010 to 2019 (32 or 64 bits) Outlook 2010-2019
For Outlook 2000 to 2007 Outlook 2000-2007

Please note: in order to install this plug-in, you need to have administrative privileges on the workstation. 

  • Close Outlook before starting the installation.
  • Once the download is complete, select the language and click on “Next”. Keep the default location C:\Users\%username%\AppData\Roaming\ZeroSpam and click on “Install”.
  • Once the installation is over, a button should appear at the top right of Outlook’s toolbar/ribbon. If the button does not appear, restart Outlook.
  • From there on, all you will need to do to report a false negative to is to select a spam message and click on the plugin button.

For Outlook 2000-2007: please note that you can only report one message at a time. If you select several messages before clicking on the plugin, your messages will not be sent.

Multi-User or Citrix Computers

For Outlook 2010 to 2019 (32 or 64 bit) Citrix Version - Outlook 2010-2019
  • Once the download is complete, open the command prompt as an administrator. Note that for installation on a single Citrix station, you must be an administrator authorized to modify that station. For installation on all stations in a Citrix environment, you must be an authorized Citrix administrator.
  • Next, enter the following command into the prompt: msiexec /i ZS_Plugin(1.1.11)_PM.msi FEDERALREPORTING=TRUE/FALSE
  • The installation will proceed silently for all user workstations. The Plugin will then be available for all users.

The “FEDERALREPORTING” variable must be set to either TRUE or FALSE. This will determine whether reported messages will also be forwarded to the CRTC in accordance with the CASL. If this option isn't set on installation, the user will be prompted for a choice upon first running the plugin. This choice can also be changed at a later time from the plugin's settings.

Reporting spam with other mail clients

When using other email clients, forward spam messages as .eml attachments to Make sure to use the correct address as other addresses are filtered and will likely reject the email as a result. All reported messages are individually analyzed and information gathered from these analyses is integrated into our processes, thus improving filtering accuracy. In order for spam messages to be properly analyzed, they must be ideally be sent as attachments. This way, our technicians will have the original message along with all information contained in its transmission headers.

Here is how you should proceed depending on the email provider you use:

Microsoft Outlook Express Right-click the message you want to report, and select Forward as attachment from the menu that appears.
Mozilla Thunderbird Select the message you want to report. Then, in the Message menu, under Forward as select Attachment.
Apple Mail for Mac OS X In the View menu, click on Message, and select Show full headers. You can then use the forward function as usual.
Microsoft Entourage (Office for Mac) Open the spam message by double-clicking it. In the View menu, select Source or Internet headers and copy the entire contents into a new email.

Thanks for reporting a spam email to our team. However, there appears to have been an issue with either the spam you reported or the way you reported it. You might want to send a link to this page to your IT person.

No .eml file attached

In order to tune our filters to block spam, we need to have the original email that got to you in an attached file in the .eml format. This is needed so that we can analyse the headers and test our updated filters. Please refer to the  Reporting Spam Messages article at the bottom of this page for tips on how to do that.

None of our headers were present

The email you reported was in the correct .eml format, but it appears to not have passed through our filters. This might be due to one of two things:

  • The email might have been sent directly to your mail server. In this case please follow our instructions on Restricting access to your mail server at the bottom of the page.
  • The email might be internal. You might want to check with the sender why they sent you this email.

If you are unsure what case it is, MxToolbox offers a header analyser where you can paste the header's emails to understand the emaill path.

Sender was whitelisted

We might have detected that email as spam, but the sending address, domain or IP was whitelisted for your organisation in the Filtering Parameters in Cumulus. You might want to re-evaluate the whitelisting of this entry. To change these parameters, see  Managing Filtering Parameters in the links at the bottom of the page.

If you are unsure what whitelist entry affected this email, please reply to the email that notified you of the situation.