False Positive Email Alerts

If you’re like most people, then you’re already using anti-virus software and have implemented anti-spam controls so that unwanted email does not reach your inbox. Occasionally I look at my “spam” folder and am surprised to see emails in there that I would ordinarily read. Some are even emails that I must read.

The industry has come to refer to these falsely removed emails as “false positive” email. A “false positive” is basically a false alarm: a legitimate email incorrectly identified as unwanted. Unfortunately, it is the equivalent of placing a bill or other important piece of mail on top of your trash pile when separating your paper mail.

A false positive most often occurs when an anti-virus program or anti-spam filter identifies a file (email) as either containing a virus or as being spam. This can happen when a string of characters in an email matches a known virus string of characters, although the file itself is not infected. It can also happen when an action is performed that anti-virus software identifies as virus-like activity.
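The string-match case described above, as an added example that is not part of the original post: a scanner that looks for a signature anywhere in a message flags a clean newsletter that merely mentions the string, while a rule scoped to attachments does not. The signature, the sample messages and the attachment-only rule are all constructed assumptions for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed signature for illustration only; not a real malware pattern.
SIGNATURE = b"DEMO-SIG-7f3a::macro_autorun"

def build(body, attachment=None):
    """Build a constructed sample message as raw bytes."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content(body)
    if attachment is not None:
        msg.add_attachment(attachment, maintype="application",
                           subtype="octet-stream", filename="sample.bin")
    return msg.as_bytes()

def parts(raw):
    """Yield (is_attachment, decoded_bytes) for every leaf MIME part."""
    for part in message_from_bytes(raw, policy=policy.default).walk():
        if not part.is_multipart():
            yield part.is_attachment(), part.get_payload(decode=True) or b""

def scan_everything(raw):
    """Naive rule: flag if the signature appears in any part, body included."""
    return any(SIGNATURE in data for _, data in parts(raw))

def scan_attachments(raw):
    """Narrower rule (assumed here): flag only a match inside an attachment."""
    return any(SIGNATURE in data for is_att, data in parts(raw) if is_att)

# Constructed corpus: (label, raw message, really_infected)
CORPUS = [
    ("invoice", build("Your invoice is attached.", b"%PDF-1.4 ..."), False),
    ("newsletter", build("Analysts track DEMO-SIG-7f3a::macro_autorun."), False),
    ("infected", build("See attached.", b"\x00\x01" + SIGNATURE + b"\x02"), True),
]

def false_positives(scanner):
    """Labels of clean messages that the scanner flagged anyway."""
    return [l for l, raw, bad in CORPUS if scanner(raw) and not bad]

def missed(scanner):
    """Labels of infected messages that the scanner failed to flag."""
    return [l for l, raw, bad in CORPUS if bad and not scanner(raw)]

if __name__ == "__main__":
    for s in (scan_everything, scan_attachments):
        print(s.__name__, "FP:", false_positives(s), "missed:", missed(s))
```

Comparing both lists for each rule matters: a narrower rule is only an improvement if it removes false alarms without adding misses.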


In the case of spam, after you fill out a form or send an email from some company’s website you will often receive, in return, an automatic email confirming your application or submission. If the email operator is experienced, they will also include a disclaimer that asks you to disable your spam filtering software. It will ask you to look in your “SPAM,” “Revoked,” “Junk Mail” or “Bulk Mail” folders for their messages. Sometimes they will also ask you to add their email domain address to your approved senders list in order to receive email from them.

Most email packages use Bloodhound heuristics to detect virus-like activity.

Examples of virus-like activities can include, but are not limited to, writing to the master boot record of the hard disk, making changes to a system file, or running a custom macro in a program such as Microsoft Word.

False detections, once confirmed, can easily be corrected and should be corrected as soon as possible.

Written by Mike Rede
