Handling False Positives and Negatives

The number of false positives (messages that are identified as spam, but are not) and false negatives (messages that are not identified as spam, but are) can be reduced by forwarding these messages to Sophos. SophosLabs analyzes characteristics of submitted messages and adjusts the anti-spam data accordingly. False positive messages should be sent to not-spam@labs.sophos.com, and false negatives should be sent to is-spam@labs.sophos.com.

You should consider including a capability that allows users or administrators to report such falsely identified messages. If you do, note the following requirements:

  • The message forwarded to Sophos must include the whole message source, including headers, sent as an RFC822 attachment.
  • The headers must include the version number of the engine and the version and date of the data package used to scan the message.
  • The headers must include the hits fired by the engine and the spam probability assigned to the message.

A message is defined as spam if it scores greater than or equal to 50%, and as not spam if it scores less than 50%, even if your application defines these differently. Sophos requires that all host applications that wish to report spam/not-spam to Sophos use the 50% mark as the spam/not-spam dividing line. Any is-spam/not-spam reports made using a different dividing line will be ignored, and may lead to all reports from the application being ignored.
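
One way a host application could assemble such a report, shown as an added example that is not Sophos code. The X-Example-* header names, the sample message and the sender address are constructed, because this page does not name the headers the engine writes. Refusing to build a report when the user's verdict agrees with the engine's verdict at the 50% line is this example's assumption.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Hypothetical header names: the page requires this data but does not name the headers.
PROB_HEADER = "X-Example-Spam-Probability"
REQUIRED = ("X-Example-Engine-Version", "X-Example-Data-Version",
            "X-Example-Hits", PROB_HEADER)
FALSE_POSITIVE_ADDR = "not-spam@labs.sophos.com"  # flagged as spam, but is not
FALSE_NEGATIVE_ADDR = "is-spam@labs.sophos.com"   # not flagged, but is spam

def build_report(raw: bytes, user_says_spam: bool, sender: str) -> EmailMessage:
    """Wrap a scanned message (headers included) as an RFC822 attachment."""
    original = message_from_bytes(raw, policy=policy.default)
    missing = [h for h in REQUIRED if original[h] is None]
    if missing:
        raise ValueError(f"scan headers missing: {missing}")
    prob = float(str(original[PROB_HEADER]).strip().rstrip("%"))
    # Fixed dividing line: >= 50% is spam, < 50% is not spam,
    # whatever threshold the host application uses for delivery.
    engine_says_spam = prob >= 50.0
    if engine_says_spam == user_says_spam:
        raise ValueError("verdicts agree at the 50% line; nothing to report")
    report = EmailMessage()
    report["From"] = sender
    report["To"] = FALSE_NEGATIVE_ADDR if user_says_spam else FALSE_POSITIVE_ADDR
    report["Subject"] = "false negative" if user_says_spam else "false positive"
    report.set_content("Misclassified message attached.")
    # Attaching a message object produces a message/rfc822 part that
    # carries the original headers and body together.
    report.add_attachment(original)
    return report

# Constructed sample: a scanned message carrying the hypothetical scan headers.
SAMPLE = (b"From: alice@example.com\r\n"
          b"To: bob@example.com\r\n"
          b"Subject: Quarterly figures\r\n"
          b"X-Example-Engine-Version: 1.0\r\n"
          b"X-Example-Data-Version: 2024.01; 2024-01-15\r\n"
          b"X-Example-Hits: RULE_A, RULE_B\r\n"
          b"X-Example-Spam-Probability: 72%\r\n"
          b"\r\n"
          b"Please find the figures below.\r\n")

if __name__ == "__main__":
    # Engine scored 72% (spam); the user says it is legitimate: a false positive.
    print(build_report(SAMPLE, user_says_spam=False, sender="reports@example.com"))
```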