Resources for regular Connect users can be found on our Email security for Connect users page.
Proofpoint PPS information for IT staff
While users should be able to perform for themselves most of the common functions related to the PPS, it is probable that they will encounter difficulty at some point and need the assistance of their departmental computing rep or local faculty IT computing contact/service desk staff.
For the initial rollout, IST would like to be as aware of and involved in as many issues as possible, so that we may address any structural or procedural deficiencies where it makes sense.
For all issues, please file an RT in the IST Request Tracker system.
- Create the ticket in the user's name (use their email address as the requester).
- Cc yourself and anyone else you want to be aware.
- Be as specific as possible: email addresses of sender and receiver, subject line, date and time sent, and so on. If the sender can get it, include the message ID from their mail system.
Accidental deletion from quarantine
If a user accidentally deletes an email from their quarantine that they wanted, it is still potentially possible to recover and release it with administrator privileges.
Suspected misclassification of malware
The malware quarantine is deliberately hidden from general access. If a user has reason to believe that their delivery was misclassified, system administrators can find and, if necessary, release the email.
Timestamps on releases from quarantine
When an email is released from a quarantine, the time displayed by many clients by default will reflect the date and time the email was released, not the time it was originally delivered. This may surprise or confuse some users. Most mail clients can display either or both the date sent and date received; IST recommends sorting by date received. It may sometimes take a minute or two for a release from quarantine to be actually delivered.
While users may whitelist individual sender addresses or domains, IST administrators can whitelist domains on a campus-wide basis if necessary. The judgement for necessity will initially lie with IST Information Security Services (ISS) staff.
SpamAssassin (SA) is still running on mailservices. While PPS will also process this mail, if a user has modified their SA rules, they may be inadvertently marking non-spam messages as such.
Junk folder vs. Quarantines
Depending on the user's Exchange configuration, it is possible that some email that makes it past Proofpoint will nevertheless find its way into the user's junk folder. Should this seem to be happening, look at the user's Inbox Rules. It is not recommended to use inbox filters (based on subject lines, particularly) in conjunction with PPS.
It is recommended that individuals protected by Proofpoint disable their Junk Mail filtering on Exchange.
Also known as "time of click protection", this is a feature where some or all URLs in some or all emails may be rewritten to afford an extra level of protection to users. This feature has been disabled in the Waterloo deployment of PPS.