Information Technology Services

Home / News / Proofpoint Email Protection

Proofpoint Email Protection

During this time of virtual living and working, phishing scams are rampant across the world. In an effort to help protect user accounts and data, Brandeis uses Proofpoint email protection for faculty and staff accounts.

Proofpoint URL Defender

The security team recently enabled additional email protection in response to increased sophisticated phishing and other attacks. Proofpoint, our email security vendor, protects against malicious embedded links. It automatically scans email messages and then rewrites the URLs associated with the links so they are visible to recipients and safe to click.

Messages originating from Brandeis.edu and messages sent using the Slate (Technolutions) platform avoid the scanning and rewriting process. This “trusted source” security exception, approved by University leadership, was implemented to facilitate communication from platforms managed internally by Brandeis.

Why was Proofpoint URL Defense added?

Brandeis has seen a sharp increase in the number and sophistication of email phishing attempts. Many unsuspecting users click on links that, at first glance, appear to be from a trusted source, only to discover their credentials or other personal information was compromised. Unfortunately, several successful phishing attacks have resulted in significant monetary losses and an increased risk of data disclosure to the University. It is vital that we do all we can to reduce this risk.

How does Proofpoint URL Defense work?

Proofpoint URL Defense increases network security by making URLs visible to users so they can quickly detect false or malicious links. It scans emails received on the Brandeis.edu domain to ensure any included links are safe and then rewrites the URL. Rewritten links start with https://urldefense.com/. Although the visible link text appears as a hyperlink, users will see it rewritten to include https//urldefense.com when they hover their mouse over that link.

Proofpoint In Action

InBrief article with links written out as text

In the above example, URL Defense has successfully scanned for malicious links and rewritten the URLs to make them visible to recipients. These links are now safe to click.

Here’s what URL Defense does with each email:

A link is detected by Proofpoint and scanned for malware.
The linked URL is displayed as text.
The URL is rewritten and visible when hovering over the link (#1 and #2)

FAQs

Expand All

When is URL Defense Applied?

Will all messages be defended?

How can you confirm that the URL has been rewritten?

What happens when a user clicks on a rewritten URL?

If Proofpoint detects a fraudulent site in an email, what happens?

Does Proofpoint URL Defense cause a delay?

What about URLs in attachments?

What happens when you forward an email with a rewritten URL?

Once URL Defense has rewritten a URL, the URL will remain rewritten if the message is forwarded or replied to. Additional links added to the message being replied to or forwarded will not be rewritten.

You may want to consider similar language when forwarding an email that Proofpoint has rewritten to an external user:

“Proofpoint's URL Defense product protects Brandeis emails. Hyperlinks in this email may begin with 'urldefense.proofpoint.com' and have a generally long format."

Is there an exception process for URLs not to be rewritten?

I use a third-party system (Constant Contact, Mailchimp, etc.); can it be included as a “trusted source?”

Please Note: While ProofPoint's URL Defense mitigates the threat of malicious links in email, it doesn't guarantee that every link contained in the incoming, external email to brandeis.edu is safe to click. Please continue to exercise caution when inspecting URLs embedded in email and attachments.

About Proofpoint

Proofpoint serves as an additional layer of protection to your account. Proofpoint safeguards you and your email in two ways. First, the email filtering system will automatically determine if an email is spam (e.g., marketing, cold sales, etc.) or bulk (e.g., newsletters, other mass mailings, etc.) and will quarantine the message(s). By default, spam email is automatically filtered (per ITS Security requirement). You can, optionally, enable the bulk email filter that identifies messages from mass mailings (e.g., newsletter). You can control what reaches your mailbox including the ability to manage lists of allowed and blocked addresses.

In addition to email filtering, Proofpoint provides security protection for all website links in an email message. When clicking on a URL, it will pass through Proofpoint's layer of security to verify if it is a known malicious link; if deemed to be safe, the site will load as expected. The use of Proofpoint URL protection works seamlessly and in the background for all users.

Where can I learn more?

Visit the email protection webpage which includes getting started guides and video tutorials for email digest, web digest and FAQs. If you have any questions about Proofpoint and general security practices, please contact security@brandeis.edu.