Cracking the Inbox Code: Proofpoint

Proofpoint Spam Detection performs two analyses:

Connection Level Analysis: Connection management features in Proofpoint Enterprise Protection test multiple connection-level data points including DNS, MX record verification, SPF, recipient verification, and reputation data. Proofpoint constantly monitors SMTP connections at the IP address level, looking for suspect or malicious activity. Based on this analysis, SMTP rate control is used to automatically block or throttle malicious connections.


Proofpoint performs contextual, lexical and image-based analysis of the content and context of messages using structural tests, English and foreign language content inspection, malicious (spyware/phishing/pharming) URL detection, phishing attacks, image analysis, reputation analysis and any custom policies administrators have defined.


An add-on enhancement to Proofpoint's filtering is its URL Defense program. If an email admin has enabled this program, Proofpoint will re-write all URLs in an email with its own unique link. [URL Defense FAQ's - Powered by Proofpoint Essentials]


How can you confirm if a URL has been re-written?


What happens when a user clicks on a re-written URL?

The user is redirected to the Proofpoint URL Defense service, where the URL and website are analyzed.

    • If the URL is considered bad: The user will be shown a page informing them "The website has Been Blocked!".
    • If the URL is considered good: The user will be re-directed to the website.


Is there a noticeable delay when a user clicks on a defended URL?

    • No. Defended URLs are checked in real time to ensure that the latest status determines them to be safe.


How long will defended URLs continue to work?

    • Defended URLs will not expire. They will continue to function indefinitely.
    • If the redirection service is not available (i.e., we cannot verify the link's reputation), we will redirect to the original link.


Will URL Defense protect a URL that is safe at one time but becomes compromised later?

    • Yes. Each time a URL is clicked the status of that URL is verified before the redirect is allowed.



Additional Troubleshooting:

As a sender, if you have the Email Deliverability PowerPack, you can refer to the headers to confirm if Proofpoint has flagged your mail as spam. Each mailbox provider can customize its own scoring rules, but the following are the defaults.

0-49 is clean

50-94 is quarantined

95+ is discarded
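
The header check described above, as an added example that is not part of the original article or Proofpoint's own code: it reads the spam score from a message's headers and maps it to the default bands listed above. The header name `X-Proofpoint-Spam-Details`, its `key=value` layout, and the sample message are assumptions constructed for illustration; adjust them to what your received headers actually contain.

```python
import re
from email import message_from_string
from email.policy import default as default_policy

# Assumption: header name and key=value layout are not stated in the article.
SPAM_HEADER = "X-Proofpoint-Spam-Details"
# Default bands from the article; each mailbox provider may customize them.
DEFAULT_BANDS = [(0, 49, "clean"), (50, 94, "quarantined"), (95, None, "discarded")]
# Match the bare "score=" key only, not "spamscore=" or "malwarescore=".
_SCORE_RE = re.compile(r"(?<![A-Za-z])score=(\d+)")

# Constructed sample message with a folded header (not real traffic).
SAMPLE = (
    "From: sender@example.com\n"
    "To: rcpt@example.net\n"
    "Subject: constructed sample\n"
    "X-Proofpoint-Spam-Details: rule=spam policy=default spamscore=1\n"
    " malwarescore=0 score=72 adultscore=0\n"
    "\n"
    "body\n"
)


def extract_score(raw_message, header=SPAM_HEADER):
    """Return the integer score from the header, or None if absent or unparseable."""
    msg = message_from_string(raw_message, policy=default_policy)
    value = msg.get(header)
    if value is None:
        return None
    match = _SCORE_RE.search(" ".join(str(value).split()))
    return int(match.group(1)) if match else None


def disposition(score, bands=DEFAULT_BANDS):
    """Map a score to the article's default handling; 'unknown' if no band fits."""
    if score is None:
        return "unknown"
    for low, high, label in bands:
        if score >= low and (high is None or score <= high):
            return label
    return "unknown"


if __name__ == "__main__":
    s = extract_score(SAMPLE)
    print(s, disposition(s))
```

If the receiving provider has customized its scoring rules, pass its own bands as the `bands` argument instead of the defaults.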


Market share:

Proofpoint's secure email gateway is used by 4,000+ customers, including 53% of the Fortune 100 and ~30% of the Fortune 1000.

