Skip to main content
Skip table of contents

Report Junk & Phishing Button

The Outlook report button can be utilised to share potential false negatives / false positives with your helpdesk and the Mesh detection team.

image-20250107-161454.png
image-20250110-100852.png

Sharing the message with our detection team allows us to update our filtering based on user feedback and allows you to get notified of potential spam/phishing or false positives.

Please note that our reporting mailbox is largely automated and you/the end user will not receive a response. If you wish to discuss a false positive/false negative further, an email to support@meshsecurity.io is more appropriate.

Configuring Button Experience and Report Destination

Step 1: Go to Microsoft Security Center

Navigate to https://security.microsoft.com → Settings → Email & collaboration → User reported settings.

image-20250107-113449.png
image-20250107-113402.png

Step 2: Configure Reporting Experience

Ensure the following options are checked:

  • “Monitor reported messages in Outlook.”

  • “Use the built-in Report button in Outlook.”

  • “Ask the user to confirm before reporting.”

  • “Show a success message after the message is reported.”

image-20250107-113853.png

Step 3: Configure Reporting Destination

Set send reported messages to:

“My reporting mailbox only.”

The email address specified needs to be a mailbox within the customer’s tenant.

image-20250107-113655.png

Create a Mail Flow Rule for Report Button

This mail flow rule will allow you to Cc the reported email to other mailboxes external to the customer’s tenancy.

Step 1: Go to Microsoft Exchange Admin Center

Navigate to https://admin.exchange.microsoft.com → Mail flow → Rules.

Step 2: Add a Rule

Click Add a rule → Create a new rule.

Step 3: Rule Conditions

Give the rule a name and apply the following rule conditions:

The sender → is external/internal → Inside the organization.

AND

The message headers → matches these text patterns.

'x-ms-exchange-antispam-submissionids' message header matches ‘\w’. (no quotation marks)

AND

The subject or body → Subject includes any of these words.

‘Phishing’ → add → ‘Junk’. (no quotation marks)

image-20250108-144038.png

Step 4: Do the following

Add recipients → Copy (Cc) the message to o365-submission@meshsecurity.io and any other recipients you would like to add.

image-20250108-144102.png

We recommend that you Cc an address at your MSP to ensure that you have visibility of reports e.g. your security team or helpdesk.

With this information, you should check the Live Email Tracker to verify the emails verdict. If it appears to be a missed detection, you can use our “Remediate” function to remove the message from impacted mailboxes. If it is a false positive, you can create an allow rule or verify if the policy options in place caused it to be moved to the junk folder.

Step 5: Review and Finish

The rule settings do not need to be changed and you can select next.

image-20250108-144131.png

Step 6: Enable Rule

New mail flow rules are disabled by default. In the Rules table, select your Mesh Report Button rule and click the enable or disable rule slider.

image-20250108-144341.png
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close