Reporting phishing or compromised emails

Updated by Cody Hefter

There are multiple ways to report an email you suspect is compromised or an attempt to phish; however, the reactionary option to immediately forward the message to support can lead to your email getting stopped by filters between you and our systems. To mitigate this and ensure your ticket gets created, please use one of the options below:

Option 1: Save the message and attach it to a new email to

  • This is the preferred method. Having the entire message as an attachment allows us to see valuable information about the sender and the route the message took on it's way to you.
  • Since the suspicious message is an attachment and doesn't display in plain text, it will not trigger any filter.
  • There is a detailed article here on saving an email with multiple applications.

Option 2: Forward the message to (replace with your company's domain)

  • You have had an address created for reporting phishing specifically as part of your support with us. This is designed to bypass the filters allowing the option to quickly forward a potentially dangerous message.
  • This is a perfectly acceptable option, but it will be missing some potentially pertinent information that you would get with the first option.
  • If you are not sure what we mean by domain, a simple way to know you've got it right is to copy your own work email address and replace everything before the @ with phish911

Note - This process should not be used to report standard spam messages such as sales inquiries or foreign royalty trying to give you an inheritance; instead, you can mark those items as spam within your email application or forward them to support.

How did we do?