Frequently Asked Questions

ips-logoIntrusion Prevention

app-control-logoApplication Control

web-filter-logoWeb Filtering

av-logoAntivirus

as-logoAntispam

  • How do I report a false positive? The antispam service is detecting valid emails.
    If you notice a false positive, a clean message marked as spam by FortiGuard AntiSpam Service, or if you believe an IP address, URL, or email address is blocked incorrectly, you can either:

    If you are the email sender who had an email message incorrectly blocked please send us the error message you received. The error message should look like the following:

    mail.xxx.xxx #5.7.1 smtp;554 5.7.1 This message has been blocked because it contains
    FortiGuard - AntiSpam blocking URL/IP/Email/Hash(s).(black url/ip/email/hash xxx.xxx)
                            

    If you are a Fortinet customer please send us the AntiSpam log messages obtained from FortiGate, FortiClient or FortiMail, including your Fortinet product's serial number. The AntiSpam log from FortiGate should look like the following:

    Feb 26 19:15:13 xx.xx.com date=2006-02-26 time=19:15:14 device_id=FGT-xxxxxxxxxxx log_id=xxxxxxx
    type=emailfilter subtype=smtp pri=notice vd=root src=xxx.xxx.xxx.xxx dst=xxx.xxx.xxx.xxx
    src_int=wan1 dst_int=internal service=smtp status=detected from="xxx@xxx.com" to="xxxx@xxx.net"
    msg="The email contains FortiGuard - AntiSpam blocking URL(s).(black url xx.xxxx.xxx)"
                            
  • How do I report problems with your antispam software/services?
    Please fill out this form and provide details of the problem encountered. Please include the Fortinet hardware or software product used including model, os and/or software version number as appropriate.
  • How do I mark a message as spam?

    Submitted spam will be analyzed, and their signatures will be extracted to be added to our spam signature database. This helps to improve the FortiGuard AntiSpam detection and filtering for similar spam. We appreciate your submitted spam samples, but do not respond to them due to the high volume of submissions.

    Submission Instructions:

    For Microsoft Outlook:


    Method 1:
    1. Open Microsoft Outlook
    2. Create a new email to submitspam@fortinet.com
    3. Drag the message(s) you want to submit from the "message listing" pane into the body of the new message window you just created.
    4. Send the message.

    Method 2:
    Set Outlook to forward email as original attachment by
    1. In Outlook menu, click "Tools" -> "Options"
    2. In "Preference" tab, click "Email Options..." button in "Email" section
    3. In the drop-down section "When forwarding a message," choose "Attach original message text"
    4. Click "OK"
    From now on, you can simply click the "Forward" button in Outlook and set submitspam@fortinet.com as the "To:" address to submit a spam.

    For Microsoft Outlook Express:


    1. Open Microsoft Outlook Express
    2. Right-click the message you want to submit, click "Forward As Attachment"
    3. Set submitspam@fortinet.com as the "To:" address
    4. Click "Send"

    For Thunderbird/Mozilla/Netscape:


    Method 1:
    1. Open Thunderbird/Mozilla/Netscape mail
    2. Create a new email to submitspam@fortinet.com
    3. Drag the message(s) you want to submit from the "message listing" pane into the 'attachment' area of the new message window you just created.
    4. Send the message

    Method 2:
    Set Thunderbird/Mozilla/Netscape to forward email as original attachment by
    1. Click "Edit" -> "Preference"
    2. In Composition section, there is a drop-down option for "Forward messages". Choose "As Attachment".
    3. Click "OK"/"Close"
    From now on, you can simply click the "Forward" button in Thunderbird/Mozilla/Netscape and set submitspam@fortinet.com as the "To:" address to submit a spam.

    For Lotus Notes Client:


    1. Open Lotus Domio Client
    2. Open the spam email which would like to submit.
    3. From Menu View -> Show -> Page Source
    4. Select the entire page source and copy the selected content.
    5. Paste it to a notepad and save it as spamsample.eml.
    6. Create a new email with the spam email as an RFC-822 MIME encoded attachment.
    7. In the To box, type: submitspam@fortinet.com
    8. Send the message.

    For Web Based Mail Clients:


    If you are using web-based mail like yahoo or gmail, please forward the spam email as an attachment instead of inline text.

description-logoIP Geolocation

  • Why do I see an IP being deployed in multiple locations? What is Anycast?

    Anycast is a technology that consists of multiple different servers around the world with the same IP address. It typically routes the user's request to the closest available server, and multinational telecom providers often use it to reduce latency on global services.

    Since anycast IPs have different physical locations for deployment, all of which are considered "correct" and none of them have priority, a single physical location is not very conclusive for the designated anycast IP in firewall policies. To address this, FortiOS provides an option to whitelist or blacklist all anycast IPs. This can be done by using the anycast flag setting in FortiOS. Additionally, the GeoDB shows the registration location of an IP as its default location if it's anycast. This feature enables users to configure firewall policies based on the generic GeoDB function.

    Please refer to our TAC team or your local support engineer for assistance on the functions mentioned above.

  • What is the physical location vs the registration location of an IP?

    IP address ranges are publicly registered on internet registries (RIRs). This registration information, also known as WHOIS information, includes the country where the owning entity is headquartered. This country is considered the registration location of an IP block. However, multinational internet service companies often allocate their IPs to data centers around the world. As a result, the physical location of an IP may not necessarily match the registration information.

    Our IP-Geolocation database by default displays and uses the physical location of an IP. Showing the actual geographic location of an IP is fundamental in various fields, including location-based services and malware detection. However, our database also includes the registration country data. FortiOS can be configured to use either the "physical location" or the "registration location" depending on your specific needs.

    Please refer to our TAC team or your local support engineer for assistance on the functions mentioned above.

description-logoMiscellaneous