Legitimate emails being marked as phish in Adaptive Email Security.

The situation remains stable, with no new URL's being incorrectly flagged. The team are still assessing options to re-process emails affected by the incident, but this will take time. For customers experiencing issues viewing events in the portal, we are seeing steady improvements when loading events. In the meantime, we recommend manually reviewing and releasing emails where possible. Thank you for your patience, we'll continue to share updates as progress is made.

As of approximately 6:00 AM UTC there should be no more emails incorrectly flagged as phishing because of the corrupted rule - the team is continuing to monitor the incident. Any edits made to Adaptive Email Security filters because of this incident can now be reverted. We are assessing the options for remediation of emails incorrectly flagged as phishing during this incident and will update once a decision has been made.

The team continues to make progress identifying URLs impacted by the initial incident and remediating each in turn, but an ETA on when this will be complete is not yet available. We are also looking into additional remediation steps for emails incorrectly flagged as Phish as a part of this incident, and will update once we have more information.

The team has identified a bad rule in the Proofpoint integration which incorrectly flagged URLs as Phish. The issue with the corrupted rule has been resolved, and Proofpoint is working to identify and resolve all URLs incorrectly flagged.

We currently have elevated rates of legitimate emails being marked for phish. Customers may observe some legitimate emails containing specific URLs are being flagged and actioned based off their configuration.
The team is currently investigating to understand the cause and take immediate steps to mitigate.