Articles on: Campaigns

Connect existing Report Phishing buttons to AutoPhish

If your company already uses a phishing-reporting button from another email-security vendor, AutoPhish can ingest those reports when the vendor can forward a copy of the reported message to an email address.


For now, use this destination address:


report@autophish.io


This article covers providers where that forwarding path is documented:


  • Proofpoint PhishAlarm
  • Mimecast Email Incident Response
  • Trend Micro Email Reporting


Before you begin


Make sure you have:


  • an administrator account for the vendor platform
  • the user-facing reporting add-in already deployed, if the vendor requires one
  • permission to change reporting or notification settings
  • a recent AutoPhish simulation email you can use for testing


After you finish the vendor-side setup, send one test report from the user’s mailbox and verify that it reaches report@autophish.io.



Proofpoint PhishAlarm


Proofpoint documents that PhishAlarm can forward reported messages to specified email recipients, supports separate handling for Potential phishing email handling and Simulated phishing emails, and can include attachments when forwarding. (help.proofpoint.com)


Provider documentation: Proofpoint – Configuring Reported Email Forwarding Options


Steps


  1. Sign in to the Security Education Platform.
  2. Open PhishAlarm > Settings.
  3. Open the Admin Communications tab.
  4. In Reported Email handling, configure at least these two categories:
  • Potential phishing email handling
  • Simulated phishing emails (from Phishing Simulation)
  1. For each of those categories, select Forward to the Following Email Address.
  2. Enter report@autophish.io.
  3. In File Delivery Settings, enable forwarding of included attachments so AutoPhish receives the fullest possible copy of the reported message.
  4. Save the changes.



Test


  1. Open a recent AutoPhish simulation email in Outlook or Outlook Web.
  2. Click the PhishAlarm button.
  3. Confirm the user sees the normal Proofpoint confirmation.
  4. Wait a moment and verify that the report has been forwarded to report@autophish.io.


Important note


Proofpoint supports different routing rules per message type, so do not configure only “potential phish” and forget “simulated phishing emails,” or AutoPhish reports from training campaigns may never be forwarded.



Mimecast Email Incident Response


Mimecast documents an Additional Recipient feature that sends a copy of every end-user report to a mailbox of your choice. The documented setup path is through Users & Groups | Applications and Common Applications | Gateway Settings. (mimecastsupport.zendesk.com)


Provider documentation: Mimecast – Additional Recipient


Steps


  1. Sign in to the Mimecast Administration Console.
  2. Go to Users & Groups | Applications.
  3. Either:
  • click New Application Settings, or
  • open the existing application settings definition you already use for reporting.
  1. Go to Common Applications | Gateway Settings.
  2. Click Allow Report Spam/Phishing/Malware Recipient.
  3. Enter report@autophish.io as the additional recipient.
  4. Save the settings.


Test


  1. Ask a user to report a recent AutoPhish simulation with the Mimecast reporting button.
  2. Confirm the user report is processed normally in Mimecast.
  3. Verify a copy is sent to report@autophish.io.


Important note


Mimecast describes this as an additional recipient, so the forwarding can be added without replacing the customer’s existing Mimecast review workflow.



Trend Micro Email Reporting


Trend Micro documents a Report to administrators option for end-user email reporting and says you can specify at least one and at most 10 email addresses as destinations. It also recommends using addresses in the current organization so the reported messages are not scanned, deleted, or blocked by Cloud App Security. (docs.trendmicro.com)


Provider documentation: Trend Micro – Email reporting


Steps


  1. Sign in to the Trend Micro administration console for Cloud App Security / TrendAI email reporting.
  2. Open the Email reporting settings page.
  3. Turn on Report to administrators.
  4. In the address list, add report@autophish.io.
  5. Optionally enable the confirmation email to end users if you want them to receive an acknowledgement.
  6. Optionally enable When reported as spam or phishing, move the message to the Junk folder if that matches the customer’s workflow.
  7. Save the configuration.


Test


  1. Use the Trend Micro reporting add-in or warning-banner action to report a recent AutoPhish simulation.
  2. Verify the report is forwarded to report@autophish.io.


Important notes


If the Trend Micro add-in was deployed before March 22, 2024, Trend Micro says it must be deployed again for users to report emails to administrators in the organization.


Trend Micro also recommends using addresses in the current organization for this feature. Since the current AutoPhish destination is report@autophish.io, validate this setup in the customer environment before a broad rollout.



Final check


After configuring one of the providers above:


  1. send or locate a recent AutoPhish simulation
  2. report it with the vendor’s reporting button
  3. confirm the report reaches report@autophish.io
  4. only then roll the setup out broadly

Updated on: 30/03/2026

Was this article helpful?

Share your feedback

Cancel

Thank you!