FAQ For Proofpoint Protection Server (PPS) Users
This is a list of frequently asked questions for PPS users. It may be updated occasionally as new Questions become Frequently Asked.
Last Update: 2018-02-27
- Q1: User exclusion from filtering
- Q2: Whitelisting uwaterloo.ca addresses
- Q3: Quarantine seems empty
- Q4: Does Proofpoint delay my email?
- Q5: Why do we even need PPS?
- Q6: Why is some obvious spam getting through?
The short answer is no.
Email security gateways, like network firewalls, are most effective when as many people as possible are protected by their services. Thus, exceptions will only be granted after all other measures have been exhausted. End users should work with their local IT support staff in order to try to rectify any false positive findings by PPS.
While it doesn't happen often, CONNECT accounts are sometimes compromised and used to spam or phish other campus users. Implementing a whitelist would prevent PPS from protecting those other users. The current configuration will only catch a subset of these attacks. At a later date, IST will explore the possibility of sending all CONNECT email, both incoming and outgoing, through PPS.
I got an email saying I had messages in my quarantine, but the quarantine site isn't showing me anything.
This is a quirk with the way the quarantine page displays folders. After logging in, click on the Quarantine link at the bottom left, then click around amongst the various folders listed under My Folders at the top. This will force an update of the folder listing.
With the obvious exception of quarantined mail is not delivered until it is released, no, there is no extra delay introduced by PPS. If you suspect one of your emails has been delayed for some reason, please ask a local IT representative to examine the mail headers of the message in question.
The priority for Waterloo's mail gateway is to keep malware out of peoples' inboxes. In the recent past, massive malware attacks caused enough damage to normal campus operations to be of great concern. A service such as Proofpoint provides a key line of defence against such attacks. It is impractical for each of our clients to configure and maintain their own defences against such attacks. Additionally, Proofpoint does a better job of spam and phishing prevention than prior solutions on their own did.
Why is Proofpoint letting email through to my inbox that seems obviously illegitimate (e.g. spam, phishing attempt)?
Review the email to determine where it was originally delivered. Sometimes, when email is being forwarded from another campus system (e.g. from a faculty-run mail server into Connect) it masks the original source, which means Proofpoint is more likely to score the email low and allow it to be delivered to your inbox. If you are concerned about specific emails getting through to your inbox, please continue forwarding examples to firstname.lastname@example.org, however IST may not be able to prevent them from being delivered.