What is Proofpoint?
Proofpoint is an advanced email filter designed to protect University email from SPAM, phishing, and other malicious email.
Why is this system being implemented?
Unfortunately, universities are frequent targets for spammers and other malicious actors who try to take advantage of faculty, staff, and students. The previous email filtering system would catch a lot, but nowhere near all, malicious email messages. The malicious messages that would still deliver included malware and non-malware threats such as impostor or spoofed emails (also known as business email compromise, or BEC). As a result, MTSU implemented a more robust email filtering system in order to combat this type of threat.
How does email filtering work?
The Proofpoint Protection Server filters all incoming and outgoing email. Based upon Proofpoint Protection Server rules and policies, messages are "scored." The message score indicates the probability the message is spam or malicious in nature. Therefore, a message with the scoring of 100 would have 100% chance of being spam or malicious and will be found in the Spam-Quarantined section of the Proofpoint Web Application.
Can I or my department be excluded from email filtering?
All users must use email filtering because email security is most effective when as many people as possible are protected by its services. End users should work with ITD in order to try to rectify any possible false positive findings by email filtering.
Why do I see [External] in the subject line of emails?
Since most malicious emails originate with external email systems, all email messages from senders external to MTSU are now tagged with [External] in the subject line. Malicious actors use sophisticated tactics to lure users into clicking malicious links in emails, opening malicious attachments, and responding to spoofed emails using external email messages manipulated to look like it came from an MTSU email account.
Note the [External] email tag does not mean all external email messages are malicious. The tag is a visual indicator designed to help users stop and think about interacting with external messages as part of our ongoing efforts to reduce the risk associated with malicious emails.
What is the Quarantine?
The Quarantine is the location on a server where email messages that are suspected to be spam are stored.
What is the end user digest?
The end user digest is an email report of the spam added to your quarantine that day. The end user digest is sent daily to help you keep abreast of the email that is being quarantined on your account. This feature is turned on by default. In order to modify your quarantine digest:
- Log into the Proofpoint Web Application with your MTSU user name and password.
- In the lower left corner, click Profile.
- On the right screen, under My Settings, 'Send digest with new messages in my End User Digest' is selected. You can select, 'Send digest even when I have no messages in my End User Digest'.
- Click Save
What do I need to do with the digest?
You do not need to do anything but delete the message after scanning it first for messages that you might not consider spam. If all the messages are spam, just delete the Digest message. If not, you can take action on the messages in the Digest using the web links. For example, you can:
- Release: Releases a message from the Quarantine and sends the message to your in-box. This link allows you to receive the message in your in-box so you can review the contents of the message.
- Safelist: This link does two things. It release the message to your in-box and it also adds the e-mail address of the sender to your personal Safe Senders list. Future messages from this sender will not be sent to the Quarantine.
- Not Spam: This link allows you to report to Proofpoint directly any message that you believe is not spam. Proofpoint amasses reports from all over the world to help them keep their spam detection technology up-to-date and correct as possible. Please note that this feature sends the contents of the message to Proofpoint.
To apply any of these actions to a message in your Digest, simply click the link for the message. A browser window opens to let you know the request is being processed.
Why can't I release emails from my Digest?
At the moment, the Proofpoint system is set to Quarantine and Deliver emails in order to give users time to trust specific email addresses by clicking the Allow Senders button. In the future, the email filter will be configured to Quarantine and Hold to help reduce the amount of unwanted or bulk emails that MTSU students and employees receive.
I did not get a digest today, why is that?
Your digest reports should only contain the list of messages that have been quarantined since the last digest. Currently, empty digest reports are not sent. If no messages that have come through addressed to you have been quarantined during the last reporting period, you will not get a digest report.
If you'd like to receive Digests even if empty, you may do so in the Proofpoint Portal, select Profile > My Settings and select the box next to "Send digest even when I have no messages in my End User Digest."
I am still getting spam in my inbox. What can I do about it?
Spammers are always finding ways to circumvent even the best spam detection technologies. You should see a tremendous reduction in the spam messages in your inbox. However you can manually add e-mail address to your blocked senders list or report it to firstname.lastname@example.org.
Why did Proofpoint stop a legitimate message?
While Proofpoint filtering is incredibly accurate, no automated system is perfect. We recommend that you review your quarantined messages periodically, either in your End User Digests or by logging on to your Web Console.
Why am I seeing a Proofpoint URL when I hover over a link in email?
Email links and attachments are inspected as messages hit your inbox. During this process, all links are rewritten with a Proofpoint URL. When you hover over an email link, you’ll see a Proofpoint URL that starts with: https://urldefense.proofpoint.com/. This lets you know the email has been scanned. If you click an unsafe email link, a notice will appear letting you know the Web site has been blocked. See the below images for examples of URL rewriting and Web site has been blocked messages.
Do I have to wait until my Digest to come in to see what has been quarantined?
You can see your quarantined email at any time either by logging on to your Web Console or by clicking the Request Summary Digest link in a previous End User Digest. Note that the Summary Digest will be a full listing of the messages in your personal Quarantine sorted by date with the newest ones at the top.
Can I receive my Digest in another language?
Yes, you may receive the Daily Digest in a language other than English. From the ProofPoint Portal, select Profile > Settings. In the Preferred Language field, make your selection.