Proofpoint - Targeted Attack Protection (TAP) URL Defense
In an effort to protect UMass Medical School users, Information Technology has rolled out a feature within the University’s e-mail security product called Proofpoint Targeted Attack Protection (TAP) URL Defense.
How URL Defense Works
URL Defense scans incoming e-mail for known malicious hyperlinks and for attachments containing malware. This feature rewrites scanned URLs to Proofpoint’s standard URL format https://urldefense.proofpoint.com. Once a link is rewritten, it is analyzed for any potential malicious content. If categorized as malicious you will be redirected to a block page upon accessing the link in your browser. URL Defense works behind-the-scenes, which means you do not need to do anything to activate or take advantage of the system.
Screenshots of URL Defense in Action
Rewritten URL’s can be observed by hovering over the link:
The block page will look similar to this:
If you receive Plain-Text e-mails
When URL Defense detects a hyperlink in a plain-text e-mail (non-HTML), it will rewrite the URL in plain text. In this case, you will see the rewritten URL directly in the body of the e-mail. E-mails with HTML or rich text are most common, so Plain-Text rewrites will occur infrequently.
If you forward an e-mail with a re-written link
Once URL Defense has rewritten a URL, if the message is forwarded or replied to, the URL will remain rewritten. Additional links added to the message being replied to or forwarded will not be rewritten. If you believe recipients may have questions you could include the following in your signature:
“UMass Medical School e-mail is protected by Proofpoint’s URL Defense product. Hyperlinks in this e-mail may begin with ‘urldefense.proofpoint.com’ and have a generally long format”
If you believe a URL has been blocked unnecessarily or believe a fraudulent site has not been blocked, please reach out to the Help Desk or email Information Security at ITSecurity@umassmed.edu.