Recurrent pattern (RPD)
The message was classified as spam by one or more RPD patterns. The main reasons for RPD-based false positives are:
- An RPD pattern which identifies one or more spam campaigns also happened to match a valid email message leading to false classification of it as spam.
- A valid bulk email (i.e., newsletter) was misclassified as part of a spam outbreak. These cases are analyzed and whitelisted to ensure that this type of valid bulk will not be blocked again in the future.
Sender IP
The message was classified as spam because it was sent from a suspicious IP address. Following your report, we usually update the reputation of the reported IP address to “No Risk”. You can verify the current reputation status of the IP address here <http://www.cyren.com/security-center/ip-reputation-check>
However, if CYREN will identify any new spam outbreak from the IP address over the next 30 days, it will get blocked again. Otherwise, the IP address’ reputation will remain clean.
Sender domain
The message was classified as spam because it was sent from a suspicious domain. The main reasons for a domain to become suspicious are:
- Lack of valid WhoIs record.
- Spam outbreaks appear to be sent from the domain.
- A combination of the above reasons.
URL
The message was classified as spam because it contained a URL which was classified as suspicious.
Proactive patterns (PPM)
The message was classified as spam by a proactive pattern which was generated by CYREN spam analysts to address an emerging spam technique. When PPM causes false positives, CYREN spam analysts remove the proactive pattern to prevent any new false positives.