Configure Anti-spam settings In Proofpoint Essentials

Created by Abderrahim Ibnou el kadi, Modified on Thu, 4 Nov, 2021 at 10:44 PM by Abderrahim Ibnou el kadi

OVERVIEW

This document helps you make sure Proofpoint is configured correctly and that your domain is protected against spam threats.

If you feel that you are getting a lot of spam, phishing, etc., check this document and make sure you follow the recommendations.


1. Spam Sensitivity

One of the most common reasons spam gets through is a configuration that lets more messages through and blocks only a few. This normally happens when the scanning level is set to a number higher than 7. Make sure that you are using the default value “7”; in some cases you might need to lower it to 6 or 5 to be more restrictive.

Attention: Setting the scanning level to 6 or 5 might increase your false positive rate.


2. URL Defense

This feature is available in the Business, Advanced, and Pro packages.

This feature scans the body of every incoming message for bad URLs by checking them against a database. If a bad URL is found, the message is blocked. If not, the URL is rewritten and the message is sent to the user’s Inbox. Each time the user clicks that URL, Proofpoint verifies it again to make sure the URL is still valid, and then either opens the link or shows a message that the link seems to be malicious.



3. Phishing Settings

Set "Quarantine email suspected of being phishing" and "Require Administrators to release Phishing Email" to YES. This feature blocks any message that is suspected to be phishing. These messages are sent directly to the quarantine, and ONLY administrators can release them. Note that these messages will be visible in the digest report, but users cannot release them without admin consent.




4. Attachment Defense Reputation

Attachment Defense is available in the Business, Advanced, and Pro packages.

Attachment Sandboxing is available in the Advanced and Pro packages.

Attachment sandboxing scans all incoming mail with attachments in a safe environment such as a virtual machine: it opens the attachment and looks for any payloads or misbehavior, and if any is detected the message is blocked.


5. Configure SPF, DKIM and DMARC for your domain

In your DNS registrar, configure SPF, DKIM and DMARC for your domain to protect all your outbound messages to your clients. This way, messages received from your domain are checked against these records to confirm the authenticity of your messages. These records also protect against spoofed messages.

For DKIM configuration you can check this link <click here>

 

6. Enable the Anti-Spoofing Policies

Enabling this feature will help prevent receiving spam messages from malicious senders who use a valid domain in their Header/Envelope From email addresses.



7. MX Records

MX records can sometimes be the back door used by spammers to send spam directly to users. Therefore, it is absolutely necessary to make sure your MX records point only to Proofpoint’s MX records.


Proofpoint Essentials-US:

mx1-us1.ppe-hosted.com

mx2-us1.ppe-hosted.com

Proofpoint Essentials-EU:

mx1-eu1.ppe-hosted.com

mx2-eu1.ppe-hosted.com
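
The MX check described in this section, as an added example that is not part of the original article or Proofpoint's own tooling: it parses the output of `dig +short MX <your domain>` and reports any MX host outside the pair listed above for your region. The domain example.com, the sample output and the function names are constructed for illustration.

```python
# Hostnames are the ones listed in this article; all other names here are illustrative.
PROOFPOINT_MX = {
    "US": {"mx1-us1.ppe-hosted.com", "mx2-us1.ppe-hosted.com"},
    "EU": {"mx1-eu1.ppe-hosted.com", "mx2-eu1.ppe-hosted.com"},
}


def parse_mx(dig_output):
    """Parse `dig +short MX` lines ("<preference> <host>.") into sorted (pref, host) pairs."""
    records = []
    for line in dig_output.splitlines():
        parts = line.split()
        if len(parts) != 2 or not parts[0].isdigit():
            continue  # skip blank lines and anything that is not an MX answer
        host = parts[1].rstrip(".").lower()  # DNS names are case-insensitive
        if host:  # "0 ." is a null MX (domain accepts no mail); nothing to compare
            records.append((int(parts[0]), host))
    return sorted(records)


def audit_mx(dig_output, region):
    """Compare published MX hosts with the Proofpoint hosts for the given region."""
    expected = PROOFPOINT_MX[region]
    seen = {host for _, host in parse_mx(dig_output)}
    return {
        "unexpected": sorted(seen - expected),  # delivery paths that skip Proofpoint
        "missing": sorted(expected - seen),     # listed Proofpoint hosts not published
        "ok": seen == expected,
    }


# Constructed sample: a leftover record still points at the old mail server.
SAMPLE_DIG_OUTPUT = """\
10 mx1-us1.ppe-hosted.com.
20 MX2-US1.ppe-hosted.com.
50 mail.example.com.
"""

if __name__ == "__main__":
    report = audit_mx(SAMPLE_DIG_OUTPUT, "US")
    for host in report["unexpected"]:
        print(f"FAIL: {host} is not a Proofpoint MX host; remove this MX record")
    for host in report["missing"]:
        print(f"WARN: {host} is not published")
    print("MX records OK" if report["ok"] else "MX records need attention")
```
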


8. Trusted Sender's List

One of the first things to check when you are experiencing spam issues is the trusted senders list: verify it and remove any bad entries, such as a single address like Baduser@domain.com or a full domain like *@domain.com.