Phish submissions
While Email Security offers industry leading detection efficacy due to Cloudflare's Threat Intelligence, Preemptive Threat Hunting (actor and campaign infrastructure hunting with 8B, plus campaign threat signals assessed every day) and ML-Based Detection Models (Trust Graphs Computer Vision, Sentiment/Thread/Structural Analysis, Industry/Natural Language Understanding Modeling) false negatives and false positive can occur.
There are two different ways to submit a phish sample:
- User submission:
- Submitted directly by the end user, and used with phish submission buttons. To learn more about user-submitted phish, refer to PhishNet for Microsoft O365.
- User submissions can create another challenge for your organization. While it is important for end users to be vigilant and report what they believe may be a phishing email, they are often wrong. About 90% of the time, when an end user reports a missed phishing email, they are mistaken. This puts an extra burden on busy security teams as they sift through end user reports. The PhishGuard team at Cloudflare can solve this problem for your organization by reviewing end user submissions for you.
- Admin submission:
- To be used when IT administrators or security teams submit to Email Security. Submit original phish samples as an attachment in EML format to the appropriate team submission address.
- Within the Email Security dashboard, Phish submissions will allow you to have a full understanding of what reclassification has been made and what the outcomes of those submissions are.