Proofpoint Spam Management Guide

These FAQs explain our Proofpoint spam filtering system, and how WCM processes emails that originate from outside the college. It will answer common questions about the tools that you can use to manage your personal spam account and quarantine.

About Proofpoint

What is the Proofpoint spam management system and why do we use it?
The Proofpoint spam management system is an email filtering tool. To protect WCMC from virus attacks and to protect you from receiving hundreds of spam messages, all incoming email is filtered by Proofpoint, which is an anti-spam and anti-virus product.

How does email filtering work?
All incoming email is filtered by a server. Messages that contain a virus, or spam, or inappropriate content can either be deleted or "scored."  In the case of spam, the message score indicates the probability that the message is spam --- so a message scoring 100 would have 100% chance of being spam (definite spam) and a message scoring 0 would have 0% chance of being spam (legitimate correspondence). Messages scoring high enough to probably be spam are quarantined, and messages scoring below 50 are sent directly to your inbox.

I got an email that I think is spam. Who should I contact? 
If an email makes it past the new spam filter into your inbox, please follow these instructions to report it to ITS.

Blocks on suspicious hyperlinks

Does Proofpoint protect against dangerous URLs?
Yes, the new Proofpoint spam service will help protect you from specific threats that are distributed via email, including phishing and targeted attacks. Proofpoint's URL Defense protects you and WCM's network resources by blocking access to malicious websites. Links in all email messages are evaluated using a variety of sophisticated techniques to determine the likelihood that they lead back to phishing or malware websites.

If links can't be definitively classified as safe when the message is received, the URL is rewritten so that clicking it will cause URL Defense to evaluate the linked website a second time. If the link is safe, you will see no difference. If it is malicious, you will see a notification in your browser like the following:

Proofpoint - URL Defense

I’m having difficulty with a link that Proofpoint has rewritten. Is there any way to restore it?

Yes! Just copy and paste the rewritten URL into the Proofpoint URL Decoder and you’ll be given the original URL. Please remember to use caution in visiting the link if you’re unsure of its origin.

 

Spam Quarantine

 

What is the Quarantine?

The Quarantine is a location on a server (antispam.med.cornell.edu) where email messages that are suspected to be spam are stored temporarily so that they can be reviewed and retrieved if necessary. System administrators have the ability to search for messages on a user's behalf. You may also review and take action on your own quarantined email through the use of the End User Digest. Messages that are not released from the Quarantine are automatically deleted after a designated period of time.

How do I access the Quarantine?
You can access your spam management account and Quarantine at antispam.med.cornell.edu. Log in with your CWID and password.

Is my old spam portal and quarantine still available? How do I access it?
Yes, you can access the old spam management system at antispam-old.med.cornell.edu by logging in with your WCM CWID and password.

Can I access the antispam quarantine remotely? 
Yes, you can access the system from anywhere.

How do I view messages that have been caught by the email filter and are in the Quarantine?
Log into antispam.med.cornell.edu with your CWID and password. Click Quarantine on the left side to view your messages in the Quarantine. This page displays messages addressed to you that were classified as spam and are sitting in the Quarantine. 

Proofpoint - Quarantine

I see an email in the Quarantine that is not spam. How do I release it to my inbox? 
If you see a message in your Quarantine that is not spam, there are a few things you can do. First, click on the check box next to the message. Then, click on Options at the top of your screen. From here, you can apply several actions to email that is not spam:

  • Release: releases the message to your inbox.
  • Not Spam: releases the message to your inbox, and in the future, messages like this one will not be classified as spam.
  • Safelist: adds the sender of the selected message to your Safe Senders list.

How do I delete my messages in the Quarantine?        
You don't need to delete quarantined messages. They will automatically be deleted after 14 days.

I did not receive an email I was expecting. How can I check to see if it might have been caught in my spam filter?
You will receive a spam End User Digest email once a week listing all emails that have been blocked by the spam filter. In addition, you can always log into antispam.med.cornell with your CWID and password and click "Quarantine" to check for emails that have been caught. 

End User Digest

What is the End User Digest?
If email messages addressed to you were sent to the Quarantine, you will receive an email notification, with the subject line End User Digest, in your mailbox. The Digest provides you with a list of the messages addressed to you that are stored in the Quarantine. You can look at the message subject headers to determine their content and decide what actions you want to apply to the messages.

You may also receive an empty Digest, which is simply an email message indicating that you have no messages in the Quarantine. You may want to receive a Digest even if it doesn't contain any messages, so you can continue to manage certain aspects of your email. 

Proofpoint - End User Digest

How do I use the Digest? 
The Digest will provide you with a list of all of the spam that has been quarantined for your account since you received the last Digest update. You will see a list of these messages and columns that indicate the subject, sender, and time received for each email. You will have three separate links available to you to complete an action on each email message:

  • Release: releases the message from the Quarantine to your normal email inbox.
  • Safelist: releases the message from the Quarantine to your inbox and adds the sender to your personal Safe Senders list. All future email from this sender will not be checked for spam.
  • Report: reports that the message was a false positive (that is, it should not have been classified as spam). In this case, the system analyzes the data to ensure that similar messages are not caught as spam in the future.

Other links in the Digest provide additional functionality. These links are not related to individual quarantined messages. The following links provide additional Digest management:

  • Request New End User Digest: immediately generates a new Digest with up-to-the-minute information about quarantined messages. Note: this Digest will contain a list of all messages currently in the Quarantine, not just those received since the last scheduled Digest update.
  • Request Safe/Blocked Senders list: sends you a list of all entries currently on your personal Safe and Blocked Senders List. (This list of safe and blocked senders is different than any lists you have set up on your email client.) 
  • Manage My Account: allows you to change account preferences, as well as actively manage your Safe Senders and Blocked Senders lists using a web interface.

Why do I get a warning message when I click on links in the digest? 
It is normal to see an "Invalid Certificate" warning when clicking on the links in the digest. You can safely accept the certificate warning and continue.

How often will I receive an End User Digest?
By default, you will receive an End User Digest once a day around 6:00pm (EST) if messages have been placed into your Quarantine since the last digest was sent.

I don't want to receive End User Digests anymore. How do I stop them?
If you don't want to receive a Digest, you can change your settings in your Proofpoint account

  1. Log into antispam.med.cornell.edu
  2. Click "Profile" on the left sidebar
  3. Select "Settings"
  4. In the "My Settings" window, uncheck the box next to "Send digest with new message in my End User Digest." If this box is unchecked, you will no longer receive a digest.

Proofpoint - Digest

Safe senders and blocked senders lists

What is a Safe Senders and Blocked Senders list?
There are two types of Safe Senders lists: the Global Safe Senders List and your personal Safe Senders List. Both are simply lists of legitimate senders of email. The email administrator controls the Global Safe Senders List, which applies to everyone in the organization. You control your personal Safe Senders List to which you can add the addresses of people, organizations, and mailing lists from which you do want to receive mail.

If a sender's address is included in the Safe Senders List, the anti-spam system does not filter the message for spam. (However, it still filters the message for a virus or inappropriate content.)

There is also a Global Blocked Senders List and a personal Blocked Senders List. These lists contain addresses of people, organizations, and mailing lists from which you do not want to receive "junk email." 

I have lists of blocked and safe senders (whitelists/blacklists) set up in the old spam management system. Will these carry over to the new spam management system?
Unfortunately, any lists of safe and blocked senders that you have set up in the old spam system (Symantec) will not carry over automatically to the new system. You will need to re-create them manually in the new system. If your lists are extensive and you have concerns about setting up fresh lists in the new system, please contact the ITS Support Desk and we will work with you to find a solution.

I set up lists of safe and blocked senders using my email client (Outlook, Apple Mail, etc.) Will these lists be impacted? 
No. The change in spam management system will not impact any lists of safe or blocked senders that you have set up directly in your email client. Those will remain intact.

How do I manually add Safe Senders and Blocked senders to the new spam management system? 
Log into antispam.med.cornell.edu with your WCMC CWID and password. Click Lists on the left side to view your Safe Senders and Blocked Senders lists. 

 

Proofpoint - Lists

To add a Safe Sender to your list:

  1. Click Safe Senders List on the left side.
  2. Click New on the top of the page. 
  3. Enter an email address (e.g., john.doe [at] xyz.com) into the field to permit all messages from this sender to be delivered. Optionally, enter an email domain (e.g., xyz.com) into the field to permit all messages from xyz.com to be delivered. Note: Permitting all email from an entire domain is not recommended as this could increase the risk of spam or malicious email.
  4. Click Save.

Follow the same procedure to add entries to your Blocked Senders list.

Email sent from addresses or domains on the Safe Senders List will not be filtered for spam, but will be filtered for viruses.

Other common questions                                                 

What other features are available to manage my account? 
The Manage My Account link gives access to a separate web interface that will allow you to manage your Safe Senders and Blocked Senders lists, change the preferred language interface for your Digest, and adjust Digest preferences. 

To access these features, click the Manage My Account link in the Digest. A separate browser window pops up on your screen and your personalized account management page will load in this window. You do not need to authenticate to your account management page because a secure code is generated in your personalized Digest that ensures that only you have access to change your settings. 

You have the following options to choose from in your account management page. Click the name of the option in the left navigation pane:

  • Profile - controls Digest settings and language preferences.
  • Lists - provides tools to manage personal Safe Senders and Blocked Senders lists.

Profile option to manage my account

The Profile option displays a My Settings view and the Save, Request Digest, and Refresh links.

Links:

  • Save: saves your settings each time you make any changes.
  • Request Digest: sends you an updated Digest.
  • Refresh: refreshes the view.

My Settings:

  • Send digest with new messages: this is the default setting. You will only receive a Digest when you have new messages in the Quarantine.
  • Send digest even when I have no new messages: this choice will send you a Digest whether or not you have new messages in the Quarantine. If there are no new messages, you will receive an empty Digest.
  • Preferred Language: you can select a language from the drop-down list. This is the language that displays in your Digest and in your Manage My Account browser window.
  • What type of spam detection do you want?: you can select a spam policy from the listed choices. The policies determine how you want your email filtered for spam.

Lists option to manage my account

The Lists option displays the Safe Senders List and Blocked Senders List views where you can manage your personal lists of safe senders and blocked senders. This feature is available to you if want to create your own personal lists.

Click Safe Senders List or Blocked Senders List in the left navigation pane to choose the list you want to manage.

Links:

  • New - provides a text field so you can add an email address or domain to your list.
  • Edit - lets you make changes to an address already on your list. You need to first select (click the check box) for the address you want to change.
  • Delete - deletes the selected address from the list.
  • Select All - selects all of the addresses on the list.
  • Unselect All -un-selects all of the selected addresses on the list.
  • Request Digest - sends you an updated Digest.
  • Refresh - refreshes the view.

Safe Senders List: Email sent from addresses or domains on the Safe Senders List will not be filtered for spam, but will be filtered for viruses.

Blocked Senders List:Email sent from addresses or domains on the Blocked Senders List will automatically be discarded so that you will not receive future emails from them. Note: if a spam message does make it through to your inbox, you should not add that email address to your Blocked Senders List since spammers rarely use the same email address twice.

What else can I do to increase the security of my email correspondence? 

ITS provides encrypted email to all users with a WCMC email account who would like to increase the security of their email correspondence. Users can easily encrypt their emails by typing "#encrypt" anywhere in the subject line of an outgoing email. Details on how to do this are available on our website

Please note that when using our new encrypted email system, you can login with your CWID and password, unlike the previous method of creating a new account name and password.

What happens if I have both WCM and NYP email accounts? 

For information about managing spam on NYP email accounts, please visit the NYP IS Infonet page on NYP Spam Filters.

 

Need Help?

myHelpdesk
(212) 746-4878
Monday-Sunday
Open: 24/7 (Excluding holidays)
SMARTDesk
WCM Library Commons
1300 York Ave
New York, NY
10065
M-F
9AM - 5PM
Make an appointment

575 Lexington Ave
3rd Floor
New York, NY
10022
Temporarily Closed

IT Glossary

Type an acronym or term you would like a definition for.