Spam and Phishing Filtering for Email – Proofpoint

From the Daily Email Digest

1. Click the subject to preview the email.
2. If you would like to add the email to the Block Sender list, navigate to the Email Digest Web App and follow the instructions below.

From the Email Digest Web App

1. Check the box next to the message(s) you would like to block.
2. Select Block Sender in the panel at the top of the page. This will block future messages from that sender.

• To delete spam, check the box next to the message(s) you would like to delete, and then click the delete button in the panel at the top of the page.
• To delete low priority mail, first release any message(s) that you would like to keep, and then you can delete all remaining messages by clicking Options in the panel at the top of the page, and then selecting Delete All.

Messages will still be filtered for a virus or inappropriate content.

The Safe Senders list is simply a list of approved senders of email. When a sender address is included in the Safe Senders list, the Proofpoint Protection Server does not filter the message for spam.

When you add a domain name (e.g., yahoo.com) to the Safe Senders list, all email addresses from that domain will be considered “safe.” You should restrict the safe list to specific senders by entering their full email addresses (for example, [email protected]).

From the Daily Email Digest

1. Click the Request Safe/Blocked Senders link in the upper-righthand corner of the Email Digest.
2. Check your email for a list of your Safe Sender and Blocked Sender addresses. Select Add to update your list(s).

From the Email Digest Web App

1. Select Lists near the bottom of the left-hand pane.
2. Add the full email address* to either Safe Senders or Blocked Senders.
   *If you only add the domain name (e.g. gmail.com) to the list, then all email addresses from that domain will be considered "safe" or "blocked". Generally it is best to only add full email addresses to these lists (e.g. [email protected]).

You cannot turn off the Email Digests completely, however you can turn off Low Priority (Bulk) Email Filtering. Spam will continue to be filtered, and you should continue to check for spam at least once every 14 days.

To turn off Low Priority Email Filtering:

1. Navigate to the Email Digest Web App.
2. Click Profile.
3. Click Settings.
4. Select Turn Off Low Priority Filtering (Continues to Quarantine Spam).
5. Click Save.

Turning off your Daily Email Digest is not recommended. It is possible that legitimate or important mass emails are being held for your approval. These will be permanently deleted after being held for 14 days. (NOTE: After several weeks of tuning your approved and blocked senders, your Email Digest should become shorter.)

1. Navigate to the Email Digest Web App.
2. Click Profile.
3. Click Settings.
4. Check / uncheck the option of your choice.

1. Navigate to the Email Digest Web App.
2. Click the down arrow next to your username (i.e. [email protected]) and click on the mailing list you wish to review.
   • If you do not manage any lists, you will not see a down arrow or any additional email addresses. Lists that end in @lists.columbia.edu are not eligible for a daily Email Digest.
   • If you do not see one of your @columbia.edu lists, please check with your colleagues that have admin access to that specific list. Proofpoint only permits one person (the first alphabetical administrator) to manage a shared list, but you can work around this by setting up forwarding in LionMail or Outlook so other list administrators receive the daily Email Digests. They can then manage the emails on hold from the email forwards.
3. Proceed as you would normally to review, delete and/or release emails.

1. Open a Daily Email Digest message and click on the three dots in the upper right-hand corner. Select Filter messages like this.

2. Enter the full group email address in the To field and select Create filter.

3. Place a checkmark in the Forward it to: option. Then select the receiver's email address from the drop-down menu. If it's not there, click add forwarding address and follow the prompts to create a new forwarding address to either a [email protected] or a group address (i.e. [email protected]).  When you are done, select Create filter.

1. Open a Daily Email Digest message and select Rules. Next, select Create Rule.

2. Place a checkmark in front of From CU Email Digest - Do not reply and Sent to [email protected], where GROUPNAME is the name of your mailing list group.

Then select Advanced Options.

3. Select Next on the following screen. (This should be pre-filled with the information that was included in the previous window.)

4. Place a checkmark in front of Forward it to people or public group, then select on people or public group in the lower portion of the window. Select Next.

5. Type in the recipients' email addresses, or choose them from your address book, Ensure that the addresses are separated by a semi-colon (;). Select OK.

6. Name this rule based on your preference. For example, "Forward spam/bulk email digest for GROUPNAME to colleagues". Select Finish.

You may continue to receive some emails in your LionMail Spam folder. Even with Proofpoint, not every "spam-like" email is caught, and in some cases, the Gmail spam filter may catch an email that Proofpoint does not. You should still continue to review your Spam folder in case something legitimate is accidentally held there.

You might be an owner of a mailing list and a digest is sent to the first alphabetical owner/administrator of a list. You can set up forwarding so the other owners/administrators of the list also receive the Daily Email Digest.

Check your LionMail spam folder. Gmail's spam filter may have flagged the same email for spam- or phishing-like qualities.

If this is an email subscription that you continue to want to receive, click Release, followed by Allow Sender in your daily Email Digest and the email will go to you inbox and future emails will not go to the Email Digest.

You can take action on up to five emails at once using the Email Digest Web App. Check the box next to the emails you would like to take action on and click Release, Allow Sender or Block Sender.

Yes. You can click the action links (Release, Release and Allow Sender, Allow Sender or Block Sender) directly from the daily Email Digest on your mobile device.

You can use a URL decoder to retrieve the original URL. To copy a URL in an embedded link, right-click (Ctrl+click on a Mac) on the link, and then select Copy Link Address, then paste it into the decoder.

You cannot turn off URL Defense as it provides an important layer of security to keeping Columbia user's data safe.

To embed the URL in text, double-click the word or phrase that you would like to make a link, and then type Ctrl+K (Command+K on a Mac). A window will pop-up and you can enter the URL into the field and save.

No. Even if you look at an email that is years old, the Proofpoint URL Defense link will continue to direct you to the proper URL.

Your password will expire after 90 days. You will see a “Days until password expiration” message when you open a secure message. Click the link next to the expiration message to reset your password.

Suppose you forget your password and your administrator assigns a new temporary password. In that case, you will have to reset your password and select new security questions the next time you open a secure message.

Additionally, you can request Proofpoint send you a change password link to your email address by clicking the “Forgot Password."

Read Your Message

For security reasons, you will not be able to save the secure message.

Click Logout when you are done.

CUIT has deployed Proofpoint, a leading email security vendor, to provide both spam filtering and email protection. As an additional effort to protect Columbia University users, CUIT has deployed a feature called Email Warning Tags. Email Warning Tags will notify you when an email has been sent following one of the parameters listed below. This notification alerts you to the various warnings contained within the tag.  Email Warning Tags are only applied to emails sent to Columbia University users who receive their mail in MS Office 365 or LionMail.

Personally identifiable information if obtained, can cause among other things; financial and reputational damage to the University and its employees. Phishing attacks often include malicious attachments or links in an email or may ask you to reply, call, or text someone.

As a result, emails with an attached tag should be approached cautiously.

Tag Example:

The tag is added to the top of a message’s body.  The specific message for each tag is displayed in the message to the recipient and also provides a link for further information. The table below illustrates the Email Warning Tags you may see in your messages using the default tag titles and descriptions provided by Proofpoint:

The following screen shots illustrate examples of tagged messages in your inbox.

These warnings added to emails coming from outside Columbia have become a security best practice and are in place at many universities.  We continue to have Columbia community members be the victims of phishing and other scams that come from outside entities, and this provides a warning to look carefully before clicking or responding.

Email is one of the most common methods for infiltrating an organization's cyber-infrastructure. These tags serve as visual cues to prompt caution and verification before interacting with content received from external services. This assists with compliance with the CIS Critical Security Controls 14.2, "Train Workforce Members to Recognize Social Engineering Attacks".

No, the Email Warning Tags are global and cannot be individually managed.

The Email Warning Tag will be removed from your message when you reply to or forward a tagged message to an external recipient.

Note: The Email Warning Tag is removed when a message reply or forward is sent to an external email address. If the message is forwarded to another internal email address, such as another employee's address, the tag is not removed.