If your organization uses Proofpoint for spam filtering, the steps you'll take to report spam and manage quarantine messages will be a little different than organizations using Microsoft 365 for spam filtering. Please follow the steps in this guide. And as always, if you have any questions or feedback on how to improve our guide, please don't hesitate to contact the Help Desk!
- What is the Quarantine?
- Managing Quarantine Messages
- Managing Quarantine Messages in the Web App
- Reporting Spam
What is the Quarantine?
The Quarantine is simply a place where messages are suspended if Proofpoint's filters suspect they are spam or contain a virus. You can review and take action on your own quarantined email through the End User Digest, detailed below. Messages that are not released from the Quarantine are automatically deleted after a period of time.
Watch this quick video to get a better understanding of how the filter works and how to manage your quarantine:
Managing Quarantine Messages in Outlook
❗ If you see an "End User Digest" email in your Inbox, don't ignore it! The digest email will contain a list of emails that have been quarantined by the Proofpoint spam filter and are awaiting action by you, as shown in the screenshot below.
In your email digest, you may see two sections: "Low Priority Mail - Quarantined" and "Spam - Quarantined". Here is an explanation of some of the actions you can take on those messages:
- Not Spam: Reports the message as a false positive, which helps Proofpoint improve its spam filters (you may still need to add the sender to your Safe Senders list).
- Report Spam: Reports the message as spam, which helps Proofpoint improve its spam filters (you may still need to add the sender to your Blocked Senders list).
- Release: Releases the message from quarantine to your inbox.
- Release and Allow Sender: Releases the message from quarantine to your inbox, and the sender is added to your personal list of safe senders.
- Additional options not pictured:
- Allow Sender: Adds the sender to your Safe Senders List.
- Block Sender: Adds the sender to your Block List.
Frequency of Proofpoint Digest Emails
The End User Digest email will typically come in twice a day, depending on your organization's policies. However, if you are expecting an email and you suspect it's stuck in quarantine, you can manually request new digest emails as frequently as you would like. Towards the top of the End User Digest email, you'll see three options, detailed below.
Request New End User Digest
Clicking this will open a new browser window confirming the request. Soon thereafter, you'll receive a new End User Digest email in your Inbox. This lets you see if messages have been quarantined since the last digest was received.
Request Safe/Blocked Senders List
Clicking this will open a new browser window confirming the request. Soon thereafter, you'll receive an email with a list of any emails on your Safe Senders List, as well as a list of emails on your Blocked Senders List.
Manage My Account
Clicking this will open a new browser window where you can do all of the above and a little more in the Proofpoint web app (the web app is detailed in the next section).
Managing Quarantine Messages in the Web App
💡 To find the web app outside of an End User Digest email:
At the bottom left of the web app are three sections, but we'll only go over two of them (the Profile section can be ignored):
Using the Lists section, you can manage your personal Safe Senders and Blocked Senders lists, adding new entries or removing existing ones.
❗ On adding an entire domain to your Safe Senders list
While you can do it, it's not always the best idea. When you add a domain name (e.g., yahoo.com) to your Safe Senders list, all email addresses from that domain will be considered "safe." That also means any malicious email from those domains will easily make their way to you.
Allowing an entire domain is useful if you are certain you wish to receive messages from any sender from a specific domain (i.e. coalition partners, co-counsel firms, etc.).
You should not allow entire domains for generic email services like google.com, aol.com, yahoo.com, outlook.com, etc., or any domains that may have addresses that are not known to be associated with a specific partner or firm. Doing so would allow any messages from that domain to be delivered to your inbox, including those from senders you do not know or who may not be safe.
Summary: In most cases, you should restrict your Safe Senders list to specific senders by using the sender's full email address (i.e. firstname.lastname@example.org).
Using the Quarantine section, you can apply bulk changes to your quarantine lists by selecting multiple messages, then either clicking Release and Allow Sender, Release, or Not Spam.
In the below screenshot, we clicked Quarantine at the bottom left, clicked the Spam - Quarantined folder on the top left, and finally clicked Options at the top right. Under the Options menu, we have additional options to Refresh the list, or even Delete All with no other action.
Here's an additional short video to introduce you to the Proofpoint web application:
If you receive a message which you think should have been flagged as spam, please send it to the Help Desk as an attachment (guide here on attaching email messages as attachments). Spam messages should not be forwarded - when a message gets forwarded, some of the message trace data is lost. Messages sent as an attachment retain their metadata, which the Help Desk needs in order to analyze the message.
The End User Digest email will come from an internal NoReply email address, but please remain vigilant in case bad actors try to disguise themselves as Proofpoint!
If you have any questions or issues, please do not reply to the Proofpoint email. Instead, contact the Help Desk.