Are you using a third-party report email tool, or do your users forward you emails directly, or do your users use an unsupported email client (e.g. Apple Mail)? If so, you're in luck! Emails reported through these channels can be forwarded to CanIPhish for analysis.
This is supported through a dedicated mailbox that CanIPhish maintains for each tenant. To get started, follow the steps below.
1. Locate your dedicated tenant-specific CanIPhish mailbox. This mailbox can be found by going to Reporting > Reported Emails > Report Email Settings.
2. Your dedicated tenant-specific CanIPhish mailbox is located in the Forwarding Inbox field.
3. If you haven't already, make sure your Email Reporting Status is set to Enabled.
4. Simply forward any reported emails to your dedicated Forwarding Inbox! These reports will appear within the Reported Emails table within 60 seconds of the report being received.
You're all done! If you run into any issues, please contact the CanIPhish support team.
Frequently Asked Questions
I'm experiencing issues with the Reported By/Email To/Email From being misattributed
When employees report a suspected spam or phishing email, it can reach your forwarding inbox in a few different ways — and how it's sent affects how accurately we can identify the original sender, recipient, and message details. To set this, open your Email Reporting settings, find the Forwarding Inbox field, and click the cog (⚙️) icon beside it. You can then choose one of the following:
- Automatic (Default) — Not sure, or your team reports emails in more than one way? Choose this, and CanIPhish will do its best to automatically work out how each email was sent.
- Forwarded Inline — The email is forwarded as part of a new message (for example, from a shared reporting mailbox). Because this can replace the original sender and recipient details, CanIPhish will read the original details from within the message body.
- Forwarded As An Attachment — The suspected email is attached to the report (for example, as an .eml or .msg file). CanIPhish will open the attachment to recover the original details.
- Direct (SMTP) Forward — The email is passed straight through, keeping the original sender, recipient, and message details intact.
Choosing the option that matches how your team reports emails helps CanIPhish analyze each report as accurately as possible. If you're unsure, leave it on Automatic.
I'm using a third-party report email tool, and only want to forward simulated phishing emails.
If you're using a third-party Report Email tool, such as those offered by Proofpoint, Mimecast, etc., you can simply configure these platforms to forward email reports to CanIPhish. If you only want to forward simulated phishing emails to CanIPhish, then you can add filters so only emails that contain one of the following keywords are forwarded:
- X-CanIPhish (if white-labelling isn't set up) <-- Email Header Name
- X-SIMPHISH-GUID (if white-labelling is set up) <-- Email Header Name
- Your Tenant ID (Text before @phish-report.com in the forwarding inbox) <-- Email Header Value
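The keyword filter above, written out as an added Python example (not CanIPhish's or any vendor's code): it checks a report's own headers and any attached original message for the two header names, or for the tenant ID in any header value. `TENANT_ID` is a placeholder and the sample messages are constructed.

```python
from email import message_from_string, policy

SIM_HEADERS = ("x-caniphish", "x-simphish-guid")  # header names from the article
TENANT_ID = "tenant-id-placeholder"               # placeholder, not a real tenant ID

def has_marker(msg, tenant_id):
    """True if a marker header name is present or any header value holds the tenant ID."""
    return any(name.lower() in SIM_HEADERS or tenant_id.lower() in str(value).lower()
               for name, value in msg.items())

def simulation_marker(raw, tenant_id=TENANT_ID):
    """Return 'direct', 'attachment', or None for a raw RFC 5322 report."""
    report = message_from_string(raw, policy=policy.default)
    if has_marker(report, tenant_id):
        return "direct"              # original headers intact (direct forward)
    for part in report.walk():
        if part.get_content_type() == "message/rfc822":
            if has_marker(part.get_payload(0), tenant_id):
                return "attachment"  # headers survive inside the attached original
    return None                      # e.g. inline forward: custom headers typically not copied

# Constructed sample reports (not real traffic).
ORIGINAL = ("From: it@example.test\nTo: user@example.test\n"
            "Subject: Password expiry\n{marker}\nPlease reset your password.\n")
DIRECT = ORIGINAL.format(marker="X-CanIPhish: constructed-value\n")
ATTACHED = ("From: user@example.test\nTo: reports@example.test\nSubject: FW: report\n"
            "MIME-Version: 1.0\nContent-Type: multipart/mixed; boundary=\"b1\"\n\n"
            "--b1\nContent-Type: text/plain\n\nSee attached.\n"
            "--b1\nContent-Type: message/rfc822\n\n"
            + ORIGINAL.format(marker="X-SIMPHISH-GUID: constructed-guid\n")
            + "--b1--\n")
INLINE = ("From: user@example.test\nTo: reports@example.test\nSubject: FW: Password expiry\n\n"
          "---------- Forwarded message ----------\n" + ORIGINAL.format(marker=""))

if __name__ == "__main__":
    for label, raw in (("direct", DIRECT), ("attached", ATTACHED), ("inline", INLINE)):
        print(label, "->", simulation_marker(raw))
```

A header-based filter only matches reports that still carry the original headers, so it suits tools that forward directly or as an attachment.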