We recently shared that the university’s spam prevention/antivirus software will transition from Sophos PureMessage for UNIX to Proofpoint. Proofpoint will scan all incoming and outgoing email to detect spam or phishing attempts and viruses. Our next phase of the rollout will bring several changes related to your email.
Do I need to take action?
As you review the changes outlined below, please know at this time, you do not need to take any action. This notification is for awareness purposes about upcoming changes. One function that’s changing is how to report spam/phishing emails (see below for more details). Once we have instructions about how to install the Proofpoint Report Suspicious Add-in, we’ll let you know so you can begin using it to report suspicious email.
Report spam/phish
An important part of email security is feedback from the university community (that’s you!). The mechanism to report spam or phishing emails will soon change. Instead of using the UW–Madison Report Spam/Phish Outlook button, you will use Proofpoint’s Report Suspicious Mail Add-in. We’ll provide instructions about how to enable and manage the new add-in soon. If you use a non-Microsoft client for managing email, nothing will change. You should continue reporting spam to report-spam@doit.wisc.edu. Please reference Microsoft 365 – Submit a message as spam/phishing for the most up-to-date recommendations on how to submit spam.
Subject tagging
Currently, if we think a message is suspicious, we alter subject lines to notify you. Examples are subject lines with text such as [CAUTION: External] or [SCAM]. We anticipate Proofpoint will route truly suspicious mail to your junk folder rather than your inbox. Once we have transitioned to Proofpoint, we will no longer modify the subject of external messages except in the case where we are unable to scan an attachment. Please see the Email Security – Subject Tagging KB article for more information.
Executable attachments
File attachments are the most common mechanism for delivering viruses to your computer. With the Enhanced Email Security project, we will be more aggressively removing attachments that are frequently used to disguise malicious content. In situations where you need to share an executable file (.exe file) with a colleague or classmate, please use one of the collaboration services available such as Google Drive, Microsoft OneDrive or Box. For a current list of attachment file extensions that will be removed from emails, see the Email Security – Executable Attachments KB article.
Message headers
Email headers are essential message metadata that is added to every email message you receive. Most people are unaware of message headers since, by default, they are not displayed to you. However, we know some people do review message headers and in some cases have created inbox rules that may look for specific headers. Please be aware that message headers associated with our legacy email security system will be discontinued with the new email security rollout. For a full list of deprecated headers see Email Security – Email Header Deprecation.
Questions/concerns
To learn more about this project, check out this earlier post. Sophos PureMessage, the vendor UW–Madison currently uses to scan all inbound and outbound email for viruses and spam, will retire July 20, 2023. Proofpoint will be implemented prior to July 2023 to ensure there is no gap in spam prevention/antivirus functions.
If you have questions, please contact the Help Desk.