Microsoft 365 - Why did I receive a message from quarantine by Proofpoint Threat Response
Threat Response Auto-pull (TRAP) is a feature of the enhanced email security available with Proofpoint. TRAP removes malicious messages from your inbox based on threat intelligence obtained post-delivery. If the message is later found to be non-threatening, it will be delivered back to your account from the Proofpoint Quarantine mailbox.
What causes this scenario?
- All messages are scanned at the email gateway for malicious content and if they don't match any known threats are delivered to your mailbox.
- After delivery, Proofpoint Targeted Attack Protection determines that the content of the message (ex. links) is actually malicious and removes the message from your mailbox.
- In a small number of instances, further review determines that the message is safe and the message is forwarded back to your mailbox. This is considered a false positive.
- The message appears in your inbox as a forwarded message from the Proofpoint mailbox.
What address will the message come from?
The quarantined message will come from: "Quarantine Proofpoint <email@example.com>"
What other content is added to the forwarded message?
The message will contain the following text:
Message has been released from quarantine
This email has now been released from quarantine by Proofpoint Threat Response based on the IT Email Security policy.
What can you do with this email?
The message will appear like any other forwarded email you have received in the past. If you want to reply to the original sender of the email, you will need to find the original sender's email within the message and forward the message to this address.
If you reply to the message, remember to remove "Quarantine Proofpoint <firstname.lastname@example.org>" recipient address before sending the message.