Closed automationator closed 5 years ago
KarmaPenny
commented
5 years ago I think the way to do this is to have the email_analyzer add the reporting user as a recipient in the search archive so that they appear in the list of options when remediating
KarmaPenny
commented
5 years ago Also in the meantime you can still manually remediate these emails via the cmdline
unixfreak0037
commented
5 years ago I'm going to close this because PhishMe already moves the reported phish into the Junk folder, and the user has already shown they find it suspicious, so it's no longer a threat. Thus it's not super critical to actually remediate it, I'd rather we spend time elsewhere.
At some point we can redesign the way ACE handles email remediation, at which point this issue will resolve on its own.
Sometimes a user will report an email as a phish but ACE has no record of them receiving the email in the first place, whether due to it being forwarded internally, a shared mailbox, etc.
In these cases, the email remediation button does not list the phish reporter's address as one available to remediate. The phish report itself should serve as record of the user receiving the email, thus allowing us to remediate it from their inbox.