Proofpoint at UH

Proofpoint Email Protection is an industry-leading email gateway that is deployed as a cloud service. It uses advanced machine learning technology to analyze and classify inbound emails sent to addresses that have a Google@UH inbox. As part of our initial implementation, we are enabling additional spam detection engines, end user services for spam and bulk management, Targeted Attack Protection, and Threat Response Auto Pull.

Why is Proofpoint required?

Email is one of the largest attack vectors for any organization, and UH is no exception. To keep up with the growing threat landscape and the volume of email threats, additional safeguards are needed to help reduce the likelihood of a security breach. This service will also help us understand the types of threats targeting our university community.

Spam detection module – Stateful Composite Scoring Service (SCSS)

The Stateful Composite Scoring Service allows users to personalize email scoring. It improves spam detection effectiveness, reduces false positives, and improves the overall user experience.

  • Spam Quarantined: Spam emails, sometimes referred to as “junk emails”, are unsolicited email messages. Often these messages are sent in bulk and will contain advertisements or will be commercial in nature. Spammers obtain email addresses from compromised websites or email lists, by harvesting compromised users’ address books, or by buying/trading address lists with other malicious actors. Some spam messages are not only annoying, but potentially harmful – used as a mechanism to direct users to malicious websites, broadly drop malicious programs or files as attachments, or con/scam users out of money. These messages will be available in a user’s digest.
  • Low Priority: Low Priority emails are often newsletters, invitations, or announcements from companies or services that users may have knowingly or unknowingly signed up for. Sometimes services that users sign up for may not inform users that they will be adding them to mailing lists or may share a user’s email address with other businesses without plainly stating it to users at the time of sign-up. What is considered wanted or unwanted low priority email may differ from user to user, so it may be prudent to more carefully review messages quarantined as low priority. These messages will be available in a user’s digest. When messages are classified as Low Priority, and users provide feedback, the SCSS trains on the characteristics of those messages to classify future messages as Low Priority.

Quarantine Daily Digest

The daily digest allows users to preview messages without the message being in their inbox. This prevents users from accidentally clicking on links when reviewing suspicious emails in their mailbox. Users will receive a daily digest that will provide a list of any new emails that have been placed in their personal quarantine within the last 24 hours. These daily digests will be delivered to users every day at 7:00 AM. Emails in a user’s personal quarantine are organized into spam or low priority (unsolicited invitations, newsletters, etc.) categories. From the emailed daily digest, users can review the sender, subject, and sent date/time of an email and can perform quick actions to release an email to their inbox or add a sender to their personal safe list. From the daily digest, users can also quickly pivot to the email quarantine web portal to further manage their personal quarantine. By providing feedback through the end user web portal, users are able to train the Stateful Composite Scoring Service.

Learn how to manage your quarantine at

Targeted Attack Protection (TAP)

Traditional solutions that scan files based on reputation and signatures are no longer sufficient. With Targeted Attack Protection, emails with attachments are held until a verdict is determined, and all rewritten URLs are analyzed each time a user clicks on the link. This protects users even if a site is compromised after an email was delivered.

  • Attachment Defense: TAP can open and sandbox many Microsoft Office and PDF files—even those that attackers have locked with a password or compressed multiple times. Safe emails are delivered, malicious emails are blocked and threats quarantined.
  • URL Defense: TAP inspects URLs that link to malicious web pages and attachments. Messages containing malicious URLs are immediately quarantined and all other URLs are rewritten to track, scan and block clicks. Based on the verdict from sandbox inspection, TAP redirects clicks to the original web page or a customizable block page that prevents access to unsafe sites.

Informational Webinar and Slidedeck [UH Login Required]

Learn more about URL Defense at