Proofpoint User Guide

Introduction

Central Piedmont utilizes the Proofpoint system to safeguard college mailboxes against potentially malicious emails. Proofpoint scans all incoming emails for phishing & spam and stores potentially harmful messages in a quarantined folder, thus preventing them from reaching your inbox. You can access your Proofpoint settings and quarantine at any time by visiting spam.cpcc.edu and logging in with your Central Piedmont username and password or by clicking the "Manage my Account" link in your End User Digest email.

Table of Contents

  1. Modifying Spam Detection Settings
  2. Managing and Previewing Quarantined Email
  3. Options for Quarantined Messages
  4. Safe and Blocked Senders Lists
  5. Understanding the Proofpoint End User Digest
  6. Proofpoint URL Protection
  7. Managing False Positives

Modifying Spam Detection Settings

Two different spam detection settings are available within Proofpoint: "Relaxed" and "Strict". The default setting is "Relaxed", which delivers potentially harmful spam emails to your "Spam - Quarantined" folder (accessible from the spam.cpcc.edu web console) and all other low-priority mail to your Central Piedmont inbox.

"Low-Priority Mail" (also known as "Bulk Mail") comes from entities that you normally deal with but is not necessarily directed towards you personally. Examples include marketing / advertising emails, survey emails, and other general purpose emails from vendors. These are usually messages that you may want to see at some point but don't necessarily need to see in your Central Piedmont inbox as soon as they arrive. Low-priority messages are put into folders labeled "Low Priority Mail - Delivered" or "Low Priority Mail - Quarantined" depending on which setting you choose. Low-priority mail messages are visible in both your daily "End User Digest" email and the Proofpoint web console (spam.cpcc.edu).

To change your Proofpoint spam detection level, follow the steps below:

1. Log into the Proofpoint web console.

2. Click "Profile" in the lower-left corner and select which detection level you want:

Proofpoint profile settings

1. "Inbound Relaxed (Low Priority Mail - Delivered)": All low-priority mail will be delivered to your Central Piedmont inbox. Potentially malicious messages (phishing, spam, etc.) will be delivered to the "Spam - Quarantined" folder.

  • If you notice messages in the "Low Priority Mail - Delivered" folder that you do not want delivered to your Central Piedmont inbox in the future, click "Block Sender".

2. "Inbound Strict (Low Priority Mail - Quarantined)": All low-priority mail will be held in the "Low Priority - Quarantined" folder. Potentially malicious messages (phishing, spam, etc.) will be delivered to the "Spam - Quarantined" folder.

  • If you notice legitimate messages in the "Low Priority Mail - Quarantine" folder, you must release the message in order for it to be delivered to your Central Piedmont inbox. If you want messages from this sender to be delivered to your inbox in the future, click "Allow Sender".

(Back To Top)

Managing and Previewing Quarantined Email

All emails which Proofpoint suspects of being phishing or spam are automatically placed in the "Spam - Quarantined" folder and kept for review for 30 days before being discarded by the system.

To view emails which have been quarantined by Proofpoint, please follow the instructions below:

1. Log into the Proofpoint web console.

2. In the lower-left corner, click "Quarantine"; then, select the folder you wish to view:

Proofpoint quarantine settings

3. In the menu bar, click "Find" to search for a message by subject and date range:

Uploaded Image (Thumbnail)

(Back To Top)

Options for Quarantined Messages

Proofpoint menu bar

You may choose one of the below options from the menu bar after selecting one or more messages in your list. Available options differ depending on which folder you are in.

  • "Find": Searches for specific messages by sender, subject, and / or age of message.
  • "Not Spam": Releases the message to your inbox and prevents similar messages from being flagged as spam going forward.
  • "Release": Delivers the message to your inbox and automatically reports that the message was not spam.
  • "Block Sender": Adds the sender of the message to your "Blocked Senders" list.
  • "Delete": Deletes the selected message(s).
  • "Allow Sender": Delivers the message to your inbox, adds the sender to your "Safe Senders" list, and automatically reports that the message was not spam.
  • "Options": Requests an updated digest, refreshes the folder, or deletes all messages.

(Back To Top)

Safe and Blocked Senders Lists

Proofpoint Safe & Blocked Senders Lists

  • "Safe Senders List": Messages from senders or domains on this list will bypass spam filtering and be delivered directly to your inbox after being screened for viruses and other security threats.
  • "Blocked Senders List": Messages from addresses or domains in this list will not reach your inbox.

Adding Entries:

  1. After selecting the appropriate list, click the "New" button on the menu bar.
  2. Type the email address or domain you want to add and click "Save". Continue creating entries, clicking "Save" after each addition. When finished, click "Close".
    • Example 1: Adding "spammer.com (no "@") will block "userA@spammer.com" and "userA@malicious.spammer.com".
    • Example 2: Adding "@spammer.com" will block "userA@spammer.com".

Editing / Deleting Entries:

  1. After selecting the appropriate list, select the checkbox beside the entry with your mouse and click "Edit". After making all necessary changes, click "Update" to apply them.
  2. To delete entries, select each entry you wish to delete and click "Delete".

(Back To Top)

Understanding the Proofpoint End User Digest

The Proofpoint email filtering system places messages that are suspected to be spam or other unwanted email into your personal quarantine. After 30 days, these messages are purged from the system and can no longer be retrieved. Each weekday after 3:00 p.m., you will receive an email update from Proofpoint known as an "End User Digest"; this email contains a quick overview of what has been caught by the spam filter and placed into your quarantine since the last digest was sent.

Sample end user digest email

System Commands:

  • "Request New End User Digest": Immediately delivers an updated end user digest to your inbox.
  • "Request Safe/Blocked Senders List": Delivers a full copy of your "Safe Senders" and "Blocked Senders" lists to your inbox.
  • "Manage My Account": Opens the Proofpoint Web Console, where you can access your quarantine, manage your settings, or update your safe and blocked senders lists.

Message Commands:

  • "Release": Delivers the message to your inbox and automatically reports that the message was not spam.
  • "Release and Allow Sender": Releases the message from the quarantine and sends it to your inbox. Also adds the sender to your "Safe Senders" list.
  • "Block Sender": Adds the sender to your "Blocked Senders" list.
  • "Not Spam": Delivers the message to your inbox, adds the sender to your "Safe Senders" list, and automatically reports that the message was not spam.

(Back To Top)

Proofpoint URL Protection

Proofpoint's URL Defense protects you and Central Piedmont's network resources by blocking access to malicious websites. Links in all email messages are evaluated using a variety of sophisticated techniques to determine the likelihood that they lead back to phishing or malware websites. As part of the process for enhanced scanning & detection for attachments and phishing, Proofpoint rewrites hyperlinks in emails so that websites can be checked for malicious activity before users access them.

If you hover over a rewritten link, you will see "https://urldefense.proofpoint.com/v2/url?=" added to the beginning of the original link followed by a string of letters and numbers:

Example Proofpoint URL Defense Link

If the link in your message is all text, it will appear as the following:

Uploaded Image (Thumbnail)

If a URL containing phishing or malware is clicked, you will see a message that the web page was malicious and blocked. Legitimate sites should load with no delay.

Proofpoint Blocked Site Notification

If you believe a website has been blocked unnecessarily or that a fraudulent site has not been blocked, please contact the Service Desk.

(Back To Top)

Managing False Positives

While Proofpoint filtering exhibits a high degree of accuracy, no automated system is perfect. The college receives thousands of emails every week, so it is inevitable that legitimate messages are sometimes incorrectly quarantined as spam. We recommend that you review your quarantined messages periodically, either in your end user digests or by logging into the Proofpoint web console.

Messages that Proofpoint incorrectly flags as spam are called "false positives" and Proofpoint takes these very seriously. Each message you manually release from your Proofpoint quarantine is reported directly to Proofpoint so that their engineers can analyze what went wrong and use that information to continually improve detection accuracy.

(Back To Top)

Print Article

Details

Article ID: 19790
Created
Wed 6/5/24 2:28 PM
Modified
Mon 6/24/24 1:58 PM

Related Articles (1)

How to Spot a Phisher
Phishing - What to watch out for and how to not be a victim of phishing attempts.