Proofpoint Message Tagging<\/h3><\/div>\r\n \t\t\t\r\n \t\t\t\t\r\n \t\t\t\t\t<\/p>\nThere are a number of factors that Proofpoint uses to determine the legitimacy of a message. If Proofpoint determines that a message may be spam, it adds SPAM<\/strong> to the subject header, with additional text based on its confidence level.<\/p>\n\n- Over 50% spam confidence\n
\n- Subject header added: [SPAM?:*****] <\/strong><\/li>\n
- Additional asterisks for every additional 10% spam confidence (ie. [SPAM?:*******] for 70% confidence)<\/li>\n<\/ul>\n<\/li>\n
- 100% spam confidence\n
\n- Subject header added: [SPAM – DEFINITE]<\/li>\n<\/ul>\n<\/li>\n
- Messages identified as “low priority” (e.g. bulk mail, marketing lists) but not spam will have a new header added:\n
\n- X-Proofpoint-Tag: lowpriority<\/em><\/li>\n<\/ul>\n<\/li>\n
- All messages will have an X-Proofpoint-Spam-Details<\/em> header which will provide the details of the message’s scoring and the most relevant rule that has matched.<\/li>\n<\/ul>\n
\n \t\t\t\t<\/div>\r\n \t\t\t<\/div>\r\n \t\t<\/div>\r\n \t\t\n \t\t
\r\n \t\t\tMessages with attachments seem to be delayed<\/h3><\/div>\r\n \t\t\t\r\n \t\t\t\t\r\n \t\t\t\t\t<\/p>\nThere may be some short mail delays (3-4 minutes) for incoming messages with attachments.<\/p>\n
These potential delay are caused by a security feature called\u00a0Attachment Defense<\/strong>. Attachments are run in a\u00a0sandbox virtual machine to check for behaviors identified with malware (unidentified worms, crypto-lockers, etc.).\u00a0The timeout for Attachment Defense is set to 15 minutes.<\/p>\n\n \t\t\t\t<\/div>\r\n \t\t\t<\/div>\r\n \t\t<\/div>\r\n \t\t\n \t\t
\r\n \t\t\tWhat's the difference between Spam and Phishing?<\/h3><\/div>\r\n \t\t\t\r\n \t\t\t\t\r\n \t\t\t\t\t<\/p>\nSpam<\/strong> is unsolicited email that often attempts to sell a product or service. Typically, spam is addressed to a vast number of people in hopes that casting a wide enough net will increase the likelihood of getting a response.<\/p>\nPhishing<\/strong> is a specific type of spam that attempts to trick you into giving away your personal information, whether it’s your UVM credentials, your credit card information, or even your Social Security Number.<\/p>\nPhishing attempts are often threatening and time sensitive — “Respond by tomorrow or we will delete your account!” Phishing attempts may appear to come from UVM or some well known company and often include a mix of real and fake email addresses and web links (URLs).<\/p>\n
The University of Vermont is invested in maintaining the security of your account and protecting your private information while also ensuring these services don’t dissuade collaboration and aren’t overly restrictive. As such, we rely on our users to practice safe computing and be cautious and critical.<\/p>\n
\n \t\t\t\t<\/div>\r\n \t\t\t<\/div>\r\n \t\t<\/div>\r\n \t\t\n \t\t
\r\n \t\t\tHow do I know if a message is legitimate or not?<\/h3><\/div>\r\n \t\t\t\r\n \t\t\t\t\r\n \t\t\t\t\t<\/p>\nIt’s important to always be wary of any emails you receive. Even if you receive an email from a friend, colleague, or family member, it’s possible this person’s email credentials have been compromised.<\/p>\n
There are several cues that help in determining the legitimacy of an email.<\/p>\n
\n- The email is not personalized\n
\n- The email isn’t sent directly to you, and your name is not used in the body of the message<\/li>\n
- The message was sent to a list of individuals with whom you are unfamiliar<\/li>\n
- The recipients of this message are hidden<\/li>\n<\/ul>\n<\/li>\n
- The subject line is intended to shock, but doesn’t describe the content of the message<\/li>\n
- The content of the email is awkwardly written and\/or contains spelling and grammatical errors<\/li>\n
- The email is urgently requesting personal financial information<\/li>\n
- When you hover over any links in the message for a few seconds, the link doesn’t match where the sender said the link would go, or the link doesn’t go to a UVM site<\/li>\n<\/ol>\n
When any of these cues appear in an email concerning your UVM account, you shouldn’t respond or click any links in the email, and you should delete the email.<\/p>\n
For more detailed information, see Managing Online Safety: Phishing and Spam<\/a>. If after checking for these cues you are still unsure if the email is legitimate, you can contact the UVM Tech Team<\/a> for assistance.<\/p>\n \t\t\t\t<\/div>\r\n \t\t\t<\/div>\r\n \t\t<\/div>\r\n \t\t\n \t\t\r\n \t\t\tWhat should I do if I responded to a phishing attempt, or clicked a link in a phishing email?<\/h3><\/div>\r\n \t\t\t\r\n \t\t\t\t\r\n \t\t\t\t\t<\/p>\n\n- Change your NetID Password at https:\/\/account.uvm.edu<\/a> as soon as possible.<\/li>\n
- It’s possible UVM’s Identity and Account Management department will catch that your account has been compromised. If so, your account will be locked to protect your information and privacy, and the University’s privacy as a whole. To remove this lock, you will need to contact Identity and Account Management<\/a><\/strong>.<\/li>\n
- Though not always necessary, you may also want to change your password for various non-UVM services (personal bank, other email accounts).<\/li>\n
- If you replied to a phishing email, you may also want to remove the email address from your outlook cache. To do this in Outlook or Outlook Online<\/a>:\n
\n- Start by composing a new email message.<\/li>\n
- Begin typing the name of the address\/individual you’d like to remove from the cache. The desired name\/address will display in the auto-complete window.
\n![\"Outlook](\"https:\/\/www.uvm.edu\/it\/dev\/kb\/wp-content\/uploads\/2018\/10\/delete-cached-address.png\")
<\/a><\/li>\n- When you’ve found the contact you’d like to remove, hover your mouse pointer over the contact and then click on the X\u00a0<\/strong>to remove it.<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n
\n \t\t\t\t<\/div>\r\n \t\t\t<\/div>\r\n \t\t<\/div>\r\n \t\t\n
Reporting Proofpoint Tagging Errors<\/h3>\n
False positives and false negatives are possible with all email filtering services. Reporting these tagging errors can help improve the algorithm.<\/p>\n \t\t
There are a number of factors that Proofpoint uses to determine the legitimacy of a message. If Proofpoint determines that a message may be spam, it adds SPAM<\/strong> to the subject header, with additional text based on its confidence level.<\/p>\n \n \t\t\t\t<\/div>\r\n \t\t\t<\/div>\r\n \t\t<\/div>\r\n \t\t\n \t\t There may be some short mail delays (3-4 minutes) for incoming messages with attachments.<\/p>\n These potential delay are caused by a security feature called\u00a0Attachment Defense<\/strong>. Attachments are run in a\u00a0sandbox virtual machine to check for behaviors identified with malware (unidentified worms, crypto-lockers, etc.).\u00a0The timeout for Attachment Defense is set to 15 minutes.<\/p>\n \n \t\t\t\t<\/div>\r\n \t\t\t<\/div>\r\n \t\t<\/div>\r\n \t\t\n \t\t Spam<\/strong> is unsolicited email that often attempts to sell a product or service. Typically, spam is addressed to a vast number of people in hopes that casting a wide enough net will increase the likelihood of getting a response.<\/p>\n Phishing<\/strong> is a specific type of spam that attempts to trick you into giving away your personal information, whether it’s your UVM credentials, your credit card information, or even your Social Security Number.<\/p>\n Phishing attempts are often threatening and time sensitive — “Respond by tomorrow or we will delete your account!” Phishing attempts may appear to come from UVM or some well known company and often include a mix of real and fake email addresses and web links (URLs).<\/p>\n The University of Vermont is invested in maintaining the security of your account and protecting your private information while also ensuring these services don’t dissuade collaboration and aren’t overly restrictive. As such, we rely on our users to practice safe computing and be cautious and critical.<\/p>\n \n \t\t\t\t<\/div>\r\n \t\t\t<\/div>\r\n \t\t<\/div>\r\n \t\t\n \t\t It’s important to always be wary of any emails you receive. Even if you receive an email from a friend, colleague, or family member, it’s possible this person’s email credentials have been compromised.<\/p>\n There are several cues that help in determining the legitimacy of an email.<\/p>\n When any of these cues appear in an email concerning your UVM account, you shouldn’t respond or click any links in the email, and you should delete the email.<\/p>\n For more detailed information, see Managing Online Safety: Phishing and Spam<\/a>. If after checking for these cues you are still unsure if the email is legitimate, you can contact the UVM Tech Team<\/a> for assistance.<\/p>\n \t\t\t\t<\/div>\r\n \t\t\t<\/div>\r\n \t\t<\/div>\r\n \t\t\n \t\t \n \t\t\t\t<\/div>\r\n \t\t\t<\/div>\r\n \t\t<\/div>\r\n \t\t\n False positives and false negatives are possible with all email filtering services. Reporting these tagging errors can help improve the algorithm.<\/p>\n \t\t\n
\n
\n
\n
Messages with attachments seem to be delayed<\/h3><\/div>\r\n \t\t\t
What's the difference between Spam and Phishing?<\/h3><\/div>\r\n \t\t\t
How do I know if a message is legitimate or not?<\/h3><\/div>\r\n \t\t\t
\n
\n
What should I do if I responded to a phishing attempt, or clicked a link in a phishing email?<\/h3><\/div>\r\n \t\t\t
\n
\n
\n<\/a><\/li>\nReporting Proofpoint Tagging Errors<\/h3>\n