When do they happen?
An end user of your organisation send an Email outbound and it got blocked by proofpoint for some reason.
Why was it blocked?
- Email had spammy elements
- Email contained a forbidden attachment
- Email was bonafied infected and the user's machine is compromised
- Email could have a link or URL embedded that links to a compromised website, either belonging to the organisation or a third party the user is are replying to.
What should we do?
System alerts contain links to the original message: these can be clicked on in order to view the message and release it if necessary. Messages that contain viruses or malicious attachments cannot be released.
First order of business would be to locate the message in the message log and look what it was blocked as.
>> How-to get detailed E-mail headers from the message log
If the message really is a false-positives, you can simply report it as an FP from the message log.
>> Reporting Spam and False-Positives to ProofPoint
If the problem is recurring, you should reach out to our support team.
Please provide us with the permalink.
>> How-to find the permalink (what is a permalink?)
>> Getting in touch with our support team & SLAs