Email, Spam Control, URL defense re-writing frequently asked questions
On this page you can find answers to common questions about Proofpoint URL re-writing.
How will this look in non-html messages (or where view as HTML is turned off)?
Plaintext email is not being rewritten. However, if an email was originally written as HTML and you are reading it as plaintext you will see the full rewritten URL.
Can customers opt-out (if they don't like the reformatting issues for example)?
There currently is no opt-out process in place. However the request can be escalated to the service manager for input on possible options.
Will
the links still work after some indefinite period of time? (such as
when Proofpoint isn't the low bidder for the next renewal - or does that
make for permanent lock-in) or proofpoint is unreachable?
The links will work indefinitely, even if we cease being a Proofpoint customer.
Will
Proofpoint's visiting the site to scan it before redirecting the
customer invalidate one-time use URLs (like password reset messages, or
redeem-once offers) before the customer sees them?
No it will
not invalidate one-time use URLs because Proofpoint does not visit the
site, the URL is simply rewritten. The first visit occurs when the
customer clicks on the rewritten link and it is at that time the site
link is evaluated.
Will forwarding a message with the
rewritten links make your outgoing messages look more spammy to some
third-party anti-spam solution that's used by a third-party recipient
because the links point to some weird location that appears unconnected
with the title of the link?
This should not be an issue. It was
not experienced during testing. That said if problems arise during a
larger roll we will address the issue as soon as we are notified.
Does Proofpoint log and/or track link visiting activity?
Proofpoint
logs when someone clicks a link. That is the extent of logging. This
information is presented to UIUC which is used to identify any account
the clicked on a malicious link that previously was not considered
malicious. At the point the Security office can follow up with that
individual to ensure their credentials are not compromised.
What
info is encoded in the long random looking strings? Is it
unique/traceable back to individual emails or will a link to
illinois.edu always be encoded the same?
The encoding includes
the original link, the original recipient, and a security identifier
that links it to the UIUC instance of Proofpoint.
Will PGP Signed messages be invalidated due to the rewriting?
Only HTML PGP signed messages received from a non-campus email account or via our campus mailing list will be invalidated. Plaintext PGP signed messages will not have links rewritten and will not be invalidated.
If
it doesn't impact Exchange to Exchange messages, how will this help
with compromised campus accounts sending spam to other customers?
(Other than by possibly reducing the number of compromised accounts)
This
isn't perfect, no. Typically we see a phishing message come in from
outside campus, somebody falls for it and then it bounces around inside
Exchange. If we can prevent patient zero (or reduce the number of
patient zeros) we'll be in a much better position. But in the future we
should look at strengthening other protections including those within
Exchange. There are also other protections in place that help in this area.
I've been taught to hover over the link in the
email to make sure the web address matches the link. Does this mean I
shouldn't do this anymore?
We realize this will introduce
complexity for you. It's not ideal. But given the number of compromised
accounts we see because people aren't checking links this seems to be an
appropriate response. Part of the reason we're going with the URL
labelling instead of the straight link rewriting is to better educate
the readers to where a link is going to take them (which is more than
they're getting right now). And we are telling people to look for the
Proofpoint URL if they do the hover over (for the few who do).
I use Thunderbird and messages are now being flagged as junk. Is this a result of URL re-writing?
We have seen some reports of this, although we have not been able to track down a definite resolution. You can try tweaking settings per email account in Junk Settings under Account Settings to see if this helps.
How then will I be able to purchase counterfeit pharmaceuticals and claim the million dollars that someone left me?
Please continue to do that on your own time, with a non-University account.