Phishing emails are so ubiquitous and so crafty that a good way of framing your email security is to pretend that any email you send is going to be public information. While that’s an idea that shows how easy it is for email to compromise your business’ data and your personally identifying information, it’s not very close to how most people and organizations use emails.
Proofpoint is a service that protects you from email attacks. Through various methods (including machine learning, intuitive reporting features, risky-user behavior detection, and more), Proofpoint can help minimize your exposure to ransomware, supplier fraud, or any other compromise to your organization’s email systems.
Of course, if you’re already using Proofpoint, you might already know all of that. Today, we’ll take a look at a few ways that you can improve on already great protection by fine-tuning your Proofpoint email protection.
1) Use Reporting and Labeling
One of the ways that Proofpoint gathers information about scams and threats is through user reporting. If something gets to your inbox and is suspicious, then it was likely sophisticated enough of an email to not be quarantined before it got to you. This means that reporting the email as spam will help prevent the same kind of email from getting through in the future.
You or an administrator can enable a spam-reporting footer to your emails, which makes it so you can scroll to the bottom of any email and click the link to immediately report the email as spam (or as not spam, if you’re looking at an already quarantined email). Similarly, if you or your organization has Email Warning Tags enabled you’ll see a warning tag—such as “Be Careful With This Message,” or “This Message Is From An External Sender” at the top of the email—and a single button to “Report Suspicious.”
2) Use the Safelist and Blocklist
There are a few scenarios where safe messages might get blocked for being suspicious on a routine basis. A common scenario where this comes up is when you have a resource that you use that sends messages on your behalf (like an external voice-mail system or document service). To make sure that that address can make it to your inbox reliably, add it to the Safe Senders List or Blocked Senders List.
If you have something specific that you need to block or unblock, you can view your Sender Lists by logging into Proofpoint’s website finding the Allow/Block Sender Lists tab..You could safelist or blocklist a specific email account, an IP address, or even a whole domain if you need to. Administrators can modify and build these lists how they need to as well, so they will have the final say on what can and cannot get through.
3) Review and Adjust the Spam Settings
While you’re there in your settings, Spam Settings is just a few spaces above. Here, you’ll find all of the tools for fine tuning the amount of email that gets blocked. Company-wide policies may be too permissive or too strict for one reason or another. If that’s the case, then you can set the Spam Sensitivity slider to a more strict setting with a lower number (2 or 3) or a more permissive setting with a higher one (15—22).
These numbers are provided to enable a very precise amount of control over how permissive the spam filter is, so if you’re not satisfied, keep checking your Quarantine Digest periodically and adjusting accordingly (which you can configure on the Digests tab). The Digest can show you daily reports of the spam that was blocked so you can review potential false positives. By reviewing these and reporting them (both false positives and false negatives) Proofpoint gets better at stopping future spam and phishing threats without quarantining too much, and it uses the information to better serve your entire organization.
-Written by Derek Jeppsen on Behalf of Sean Goss and Crown Computers Team