Skip to main content

Improved Protection from Malicious Emails Coming in June

Posted Date: 25 May 2016

Modified Date: 25 May 2016

Effective Date: 25 May 2016

On June 15, Northwestern Information Technology (IT) will be taking steps to to better protect the Northwestern community from malicious emails, including phishing and targeted attacks, by upgrading the University’s Email Defense System (EDS) from Symantec to Proofpoint.

Proofpoint will scan all incoming mail, delete identifiable malware and junk email, quarantine potential junk email before delivering messages to Northwestern users, and allow users to set safe and blocked senders. Proofpoint also includes improvements that will help decrease the junk and malicious email received by the community, such as:

End User Impact

Most users should notice little to no change after the system is upgraded. However, there are some new features that the community should be aware of:

URL Protection

Proofpoint will provide improved scanning for attachments and URLs that may contain malware or phishing. As part of this process, Proofpoint rewrites hyperlinks in emails so websites can be checked for malicious activity before users access them. Please note that URL rewriting is an automated process. Proofpoint does not monitor or read email messages.

If users hover over a rewritten link, they will see https://urldefense.proofpoint.com/v2/url?= added to the beginning of the original link followed by a string of letters and numbers. If a URL containing phishing or malware is clicked, users will see a message that the web page was malicious and blocked. Legitimate sites should load with no delay.

Example:

BEFORE URL rewriting--HTML email with an embedded link 

Email with embedded link

AFTER URL rewriting--HTML email with an embedded link

Email with embedded link

BEFORE URL rewriting--Plain text email with a link

Image of an email with a link to Microsoft's website

AFTER URL rewriting--Plain text email with a link

Email with Proofpoint email link

Setting Safe and Blocked Senders

As with the current EDS, users can set safe and blocked senders, however previously established senders will not be moved to Proofpoint. Instructions for re-establishing safe and blocked senders will be available in the Northwestern IT Knowledge Base after the upgrade.

Please note that these safe and blocked senders are not the same as safe/blocked senders in Outlook and should be managed separately.

New Email Quarantine Digest

Similar to the current EDS, suspicious emails will be quarantined by Proofpoint. Users can opt to receive an email digest listing their quarantined messages. The digest can be used to review, accept, or safelist messages. Instructions for opting into receiving these digest emails will be available in the Knowledge Base after the upgrade.

Additional Information:
Back to top