Proofpoint is the University's email security gateway, providing additional malware, phishing, spam, and targeted attack protection. Proofpoint offers additional email threat protection features to end users like Personal Email Quarantine and URL Defense.
Proofpoint is the University's email security gateway, providing additional malware, phishing, spam, and targeted attack protection. Proofpoint automatically evaluates all incoming email and protects against spam, malware, phishing, spoofing, and enforces other content policies for the University. Email messages that are evaluated as spam will be delivered to a user’s personal quarantine for their review instead of being sent directly to their inbox. This personal quarantine serves as an additional layer of defense while still providing users with the control to manage the emails that Proofpoint is filtering. Each user/account has their own personal quarantine. Users will be notified of new messages in their personal quarantine via a daily digest sent by email. Users can also review messages in their personal quarantine at any time by visiting the quarantine web portal. Messages stored in a user’s personal quarantine will be automatically deleted after 30 days.
Note: to better protect users, Proofpoint will block highly malicious types of email (phishing, malware, etc.) before ever reaching a user’s personal quarantine or inbox and, thus, users will be unable to interact with these more dangerous types of messages.
Users will receive a daily digest that will provide a list of any new emails that have been placed in their personal quarantine within the last 24 hours. These daily digests will be delivered to users every day beginning at 7:00 AM. Emails in a user’s personal quarantine are organized into spam or low priority (unsolicited invitations, newsletters, etc.) categories. From the emailed daily digest, users can review the sender, subject, and sent date/time of an email and can perform quick actions to release an email to their inbox or add a sender to their personal safe list. From the daily digest, users can also quickly pivot to the email quarantine web portal to further manage their personal quarantine.
Quarantined email in both the daily digest and web portal will be organized into two categories: Spam and Low Priority. In the daily digest, separate tables for Spam and Low Priority (with one email per row) will be presented to users. In the web portal, users will need to navigate between the Spam and Low Priority folders using the left-hand folder navigation menu.
Spam
Spam emails, sometimes referred to as “junk emails”, are unsolicited email messages. Often these messages are sent in bulk and will contain advertisements or will be commercial in nature. Spammers obtain email addresses from compromised websites or email lists, by harvesting compromised users’ address books, or by buying/trading address lists with other malicious actors. Some spam messages are not only annoying, but potentially harmful - used as a mechanism to direct users to malicious websites, broadly drop malicious programs or files as attachments, or con/scam users out of money.
Low Priority
Low Priority emails are often newsletters, invitations, or announcements from companies or services that users may have knowingly or unknowingly signed up for. Sometimes services that users sign up for may not inform users that they will be adding them to mailing lists or may share a user’s email address with other businesses without plainly stating it to users at the time of sign-up. What is considered wanted or unwanted low priority email may differ from user to user, so it may be prudent to more carefully review messages quarantined as low priority.
Click on Profile (bottom left hand column). In My Settings, under What type of spam detection do you want?, select Restrictive to include "low priority" email message filtering.
Users will receive a daily digest to their inbox every day beginning at 7:00 AM if there are any new emails in their personal quarantine. If there are no new emails in their personal quarantine since the last daily digest was sent, users will not receive a scheduled daily digest. Users can also manually request an on-demand digest at any time by visiting any recent daily digest and clicking on the “Request On-Demand Quarantine Digest” link. The on-demand digest will show any new emails in their personal quarantine since the last daily digest in addition to any emails currently stored in their personal quarantine.
Web Portal
Users can access their personal quarantine web portal by visiting quarantine.hawaii.edu (available after Proofpoint's implementation on 5/22/2023). Users can also pivot to the web portal from any daily digest by clicking on the “Manage My Quarantine (Quarantine Web Portal)” link, or by clicking the Proofpoint icon in their Google App Drawer .
To release quarantined items from your daily digest to your inbox, click on the “Release” link under the “Action” column next to the email you want to release. Repeat this process for any other emails in your daily digest that you wish to release. Optionally, you can also click “Release and Allow Sender” to release the quarantined email to your inbox and allow all future emails from the sender to bypass your personal quarantine.
Web Portal
To release quarantined items from the Web Portal, tick the checkbox next to an email or multiple emails that you want to release to your inbox, then click “Release” in the toolbar. You can also click into an individual email to view additional details and then click “Release” in the toolbar. Optionally, you can click “Release and Allow Sender” to release selected quarantine emails to your inbox and allow all future emails from those sender(s) to bypass your personal quarantine.
Adding senders to your safe senders list allows all future email sent from an address to bypass your personal quarantine and flow directly into your inbox regardless of whether Proofpoint evaluates the email as spam or low priority. This is useful if you trust all emails coming from a particular source and their emails sometimes end up in your personal quarantine.
Adding senders to your blocked list causes all future email sent from an address to always filter into your personal quarantine and never flow directly into your inbox. This is useful if you would like to block all future emails coming from a particular source.
To add senders to your safe senders list from your daily digest, click on the “Release and Allow Sender” link under the “Action” column next to the email sent by the address you wish to safe list. This will release the email to your inbox and add the sender to your safe senders list. Repeat this process for any other emails in your daily digest with different senders that you wish to safe list.
Web Portal
To add senders to your safe senders list from the web portal, tick the checkbox next to an email or multiple emails sent by addresses you wish to safe list, then click “Allow Sender” in the toolbar. You can also click into an individual email to view additional details and then click “Allow Sender” in the toolbar. Optionally, you can click “Release and Allow Sender” to both release the selected quarantine emails to your inbox and allow all future emails from those sender(s) to bypass your personal quarantine.
Adding senders to your blocked senders list is currently not available using the daily digest. You will need to use the web portal, instead.
Web Portal
To add senders to your blocked senders list from the web portal, tick the checkbox next to an email or multiple emails sent by addresses you wish to block list, then click “Block Sender” in the toolbar. You can also click into an individual email to view additional details and then click “Block Sender” in the toolbar.
Your safe and blocked senders lists can be managed in the web portal. Actions available include adding new entries, editing existing entries, or deleting existing entries.
Daily Digest
Managing your safe/blocked senders lists is currently not available using the daily digest. You will need to use the web portal, instead.
Web Portal
To manage your safe/blocked senders lists from the web portal, click on “Lists” in the lower left-hand corner. In the left-hand navigation menu select the list you’d like to manage - either “Safe Senders List” or “Blocked Senders List”. From here you will see a list of all entries in your selected list. To add a new entry, click "New" from the toolbar. To edit an existing entry, tick the checkbox next to the entry you wish to edit then select "Edit" from the toolbar. To delete an existing entry, tick the checkbox next to the entry you wish to edit then select "Delete" from the toolbar.
Note: removing an entry from your blocked list will not guarantee that the sender’s email will always be delivered to your inbox - their email will still be evaluated and potentially filtered into your personal quarantine unless you specifically add them to your safe list. Similarly, removing an entry from your safe list will not guarantee that the sender’s email will always be filtered into your personal quarantine - their email will still be evaluated and potentially allowed to flow to your inbox.
You can request an on-demand digest at any time to see an up-to-date list of emails contained in your personal quarantine. Note that, unlike the automated daily digests which only show emails that arrived in your personal quarantine since the last daily digest was sent, on-demand digests will list the latest (chronological) emails in your personal quarantine.
Daily Digest
From any daily digest email, click on the “Request On-Demand Quarantine Digest” link.
Web Portal
From the web portal, select “Options” from the toolbar, then “Request Digest”.
From the web portal, click “Profile” in the lower left-hand corner. Next, uncheck “Send digest with new messages in my Email Quarantine Daily Digest” option, then click “Save”.
You can opt back in at any time by returning to the web portal and checking that option again.
How long are emails stored in my personal quarantine?
Email is stored for 30 days in your personal quarantine. Any email older than 30 days is automatically deleted.
What if I want to keep an email for longer than 30 days?
It is recommended that you release any emails that you’d like to store longer-term to your inbox.
I didn’t get a daily digest today. Why is that?
You will only receive a daily digest if new emails have been filtered to your personal quarantine since the last time you received a digest.
Do I need to take any action on messages in my personal quarantine?
It is recommended to review your daily digests for email that you want to release to your inbox. As email in your personal quarantine will be deleted after 30 days, you have a limited window within which you can review and release emails in your quarantine.
For email that you do not want to release, no further action is required on your part. Email can simply remain in your quarantine until they are deleted after 30 days.
Do I need to delete email in my personal quarantine?
No, email will be automatically deleted after 30 days. You do not need to manually delete email in your personal quarantine.
Can I change the time at which I receive my daily digest?
Unfortunately, no. Users cannot specify at which time they will receive the scheduled daily digests. Digests are currently scheduled to be sent beginning at 7:00 AM daily. Alternatively, users can request an on-demand digest at any time or visit the web portal to review their personal quarantine at any time.
I can’t find a message in my personal quarantine. Where did it go?
Emails are only stored in your personal quarantine for 30 days. If the email you’re looking for is older than 30 days, it will have been deleted.
If you had already released an email from your personal quarantine, you will find it in your inbox or possibly other folders/labels at your Google@UH Gmail (remember, any filters you have configured within your Google@UH gmail will still trigger on matched email released from your quarantine).
If you have many messages in your quarantine and are having trouble finding what you're looking for, try searching your quarantine for the sender or a part of the subject by clicking “Find” in the toolbar of the web portal.
Will I see all filtered messages in my personal quarantine?
All spam and low priority email quarantined within the last 30 days will be visible in your personal quarantine.
To better protect users, proofpoint will block more dangerous or malicious types of email (phishing, malware, etc.) before ever reaching a user’s personal quarantine or inbox and thus users will be unable to view or interact with these types of messages.
How do I identify my daily digest?
You will receive your daily digest every morning beginning at 7:00 AM. Other details of the daily digest are as follows:
subject: Email Quarantine Daily Digest: X Total Messages (‘X’ representing the number of new messages that have been quarantined since the last daily digest was sent)
What’s the difference between the “Release” and “Release and Allow Sender” actions?
“Release” will release a message from your quarantine to your inbox. “Release and Allow Sender” will both release a message to your inbox and add the sender of the email to your safe senders list, allowing all future email from that sender to bypass your personal quarantine and always arrive in your inbox.
What's the difference between my personal quarantine and my gmail 'Spam' folder?
In concept, the two are very similar. However, Proofpoint's personal quarantine adds an additional layer of defense by safely allowing users to review messages before they arrive in their inbox. This can help prevent accidental clicks on advertisements or attachments, the loading of tracking cookies/images, and unintentionally providing data on your activity to third parties.
Proofpoint is the University's email security gateway, providing additional malware, phishing, spam, and targeted attack protection. One of the security features provided by Proofpoint is called URL Defense. URL Defense works by rewriting URLs (web addresses and links) in emails as they pass through our Proofpoint gateway on their way to your inbox. By rewriting URLs, Proofpoint is able to send all “clicks” of a URL to an isolated sandbox and scan the destination website to ensure it’s safe before you visit.
Email-based attacks, especially phishing attacks, are often triggered when users click on malicious links (URLs) provided to them in email. Malicious actors often try to imitate the URLs of legitimate websites or hide malicious URLs behind shortened URLs to obfuscate the actual website users will visit upon clicking. The malicious website may closely resemble a login page the user is accustomed to in an attempt to fool even the most vigilant of users into logging in, thereby exposing their credentials and providing the malicious actor with an avenue into the user’s email or other systems. The malicious website may have been developed with the intent to exploit browser or OS vulnerabilities and infect the user’s device with ransomware, cryptojacks, or other malware. Once infected, malware often scans local networks, hunting for other devices vulnerable to infection - sometimes lying dormant on host devices for hours, days, or weeks to prevent detection - before initializing and executing its attack.
This all starts with clicking a link sent via email. URL Defense works by rewriting URLs before they reach your inbox. When a rewritten URL is clicked, URL Defense will open the destination website in a remote sandbox in order to safely scan the website before your visit. If a website is determined to be safe, URL Defense will seamlessly forward you along to the destination website. If the website is determined to be malicious, URL Defense will not send you to the website and will instead display a message to inform you that the site has been blocked and why.
In the email body text, a rewritten URL will appear no different from when it was sent. However, when hovering over or inspecting URLs, you will notice that rewritten URLs begin with https://urldefense.com/… or https://urldefense.proofpointcom/… This is normal and is an indication that URL Defense will be used to scan the website before your visit.
No, URL Defense is device and network-agnostic. URL Defense will work to protect you whether you are using Google@UH Gmail on the web, a mail client like Outlook or Thunderbird, or checking your email on your mobile device.
“Delayed phishing” or “post-delivery weaponization” is a process where a malicious actor initially sends an email with a link that routes to a harmless website, then later weaponizes the link by redirecting to a malicious site or replacing the harmless website content with malicious content. This is effective in fooling some email protection methods that only scan websites upon email delivery, leaving users who view the email after the link has been weaponized vulnerable.
Conversely, URL Defense performs its scans of websites when a link is clicked by a user and thus is still effective in blocking delayed phishing attacks. Regardless of if or when a destination website changes, URL Defense will always scan the website you’re about to visit.
If URL Defense identifies the website you’re about to visit as malicious it will send you to an informational page explaining that the website was blocked and why. You will not be directed to the destination website. Blocked pages are automatically reported for analysis and no further action is needed on your part.
