Proofpoint - Targeted Attack Protection (TAP) URL Defense

In an effort to protect UMass Medical School users, Information Technology has rolled out a feature within the University’s e-mail security product called Proofpoint Targeted Attack Protection (TAP) URL Defense.

How URL Defense Works

URL Defense scans incoming e-mail for known malicious hyperlinks and for attachments containing malware. This feature rewrites scanned URLs to Proofpoint’s standard URL format. Once a link is rewritten, it is analyzed for any potential malicious content. If the link is categorized as malicious, you will be redirected to a block page when you open it in your browser. URL Defense works behind the scenes, which means you do not need to do anything to activate or take advantage of the system.

Screenshots of URL Defense in Action

Rewritten URLs can be observed by hovering over the link:

 Re-written URL in a Proofpoint Protected E-Mail

The block page will look similar to this:

 Proofpoint URL Defense Block Page

If you receive Plain-Text e-mails

When URL Defense detects a hyperlink in a plain-text e-mail (non-HTML), it will rewrite the URL in plain text. In this case, you will see the rewritten URL directly in the body of the e-mail. E-mails with HTML or rich text are most common, so Plain-Text rewrites will occur infrequently.

If you forward an e-mail with a re-written link

Once URL Defense has rewritten a URL, the URL will remain rewritten if the message is forwarded or replied to. Additional links added to the message being replied to or forwarded will not be rewritten. If you believe recipients may have questions, you could include the following in your signature:

“UMass Medical School e-mail is protected by Proofpoint’s URL Defense product. Hyperlinks in this e-mail may begin with ‘’ and have a generally long format.”

Additional Assistance

If you believe a URL has been blocked unnecessarily or believe a fraudulent site has not been blocked, please reach out to the Help Desk or email Information Security at