That’s a very valid question. I think the best answer is to give you a quick explanation of how the reported messages are addressed. The first process essentially a sorting of submissions in 3 different categories; spam, phish, unknown.
The spam messages are skimmed off first because we do get a lot of those, thankfully the analyst group has been dealing with spam for decades and has methods and tools to speed up the process.
The phish emails can be recognized because we’ll see campaigns going out to a multitude of customers and patterns can be gleaned fairly quickly.
The unknown are the ones where the time is spent. These are a mix of legit emails that were erroneously flagged (people really do say “Here is the attached invoice”, attach a file, and nothing more), new phishing campaigns, and some really interesting spear fishing attempts. This bucket takes the most processing time because sometimes it’s really obfuscated as to what is actually going on. Legit emails get discarded once identified and the phish emails get tagged and tracked.
So, quick answer is that it would be nice to not get spam reported but it’s certainly something we anticipate and have workflow to address.