Microsoft 365 - Why did I receive a message from quarantine by Proofpoint Threat Response

Threat Response Auto-pull (TRAP) is a feature of the enhanced email security available with Proofpoint. TRAP removes malicious messages from your inbox based on threat intelligence obtained post-delivery. If the message is later found to be non-threatening, it will be delivered back to your account from the Proofpoint Quarantine mailbox.

Important: Automated message remediation via TRAP is currently disabled pending further analysis and testing.

What causes this scenario?

  1. All messages are scanned at the email gateway for malicious content and if they don't match any known threats are delivered to your mailbox.
  2. After delivery, Proofpoint Targeted Attack Protection determines that the content of the message (ex. links) is actually malicious and removes the message from your mailbox.
  3. In a small number of instances, further review determines that the message is safe and the message is forwarded back to your mailbox. This is considered a false positive.
  4. The message appears in your inbox as a forwarded message from the Proofpoint mailbox.

What address will the message come from?

The quarantined message will come from: "Quarantine Proofpoint <proofpoint-quarantine@wisc.edu>"

What other content is added to the forwarded message?

The message will contain the following text:

This email has now been released from quarantine.

Message has been released from quarantine

This email has now been released from quarantine by Proofpoint Threat Response based on the IT Email Security policy.

What can you do with this email?

The message will appear like any other forwarded email you have received in the past. If you want to reply to the original sender of the email, you will need to find the original sender's email within the message and forward the message to this address.

If you reply to the message, remember to remove "Quarantine Proofpoint <proofpoint-quarantine@wisc.edu>" recipient address before sending the message.



Keywordsmicrosoft office365 o365 m365 365 proofpoint junk mail filter is-spam report-spam report-not-spam outlook on the web mac threatening phishing trap   Doc ID127581
OwnerO365 S.GroupMicrosoft 365
Created2023-05-02 15:12:59Updated2023-12-24 15:44:18
SitesDoIT Help Desk, Microsoft 365
Feedback  0   1