How You Can Block Spam, Viruses and Phishing Emails with Proofpoint

by | Sep 12, 2019 | Guides


Proofpoint is a market leading provider of email security. Their Essentials package aims to help small and midsized companies to protect their business networks and employees against malicious emails, including spam, viruses, ransomware and phishing attacks.

Proofpoint Essentials contains a number of key features that admins can utilize to block spam and phishing emails, without stopping end users from accessing all the emails that they need to.

This article will cover the technical aspects of Proofpoint, and serve as an in-depth guide into how businesses can stop spam and other malicious emails using Proofpoint.


The first step to getting set up to stop spam and malicious emails is to deploy Proofpoint to work with your existing email server, whether that’s on-premise Exchange, Office 365 or G-Mail.

Deployment is very straightforward and should only take a few hours working with the onboarding team. It requires you to add and verify your domains and change your MX Records so that emails can be integrated with Proofpoint.

Proofpoint itself is integrated with Azure Active Directory. Azure allows you to add all your users into the system in one quick go, pulling in all of your users and their alternate email addresses. This is updated hourly, so any new users are added to the system without any extra work for admins.


Spam Settings

Once Deployment is out of the way, admins can start configuring Proofpoint to block Spam, Malware and any other kind of malicious emails. We’ll start by covering the spam filtering functionality.

Trigger Levels

Proofpoint configures the strength of its spam filter using Trigger Levels, on a scale of 2-22. 2 is the maximum strength, nothing remotely suspicious makes it through functionality, while 22 is a less strict rule which allows more into the system. 

The default level Proofpoint ships with is 7. This is an aggressive spam filtering level, which blocks malicious spam emails, as well nuisance spam or ‘grey-mail’ which includes newsletters and automated sales emails.

When setting the trigger levels, admins can apply granular policies, such as setting different Tigger Levels to different users, and allowing or denying specific domains. This allows certain newsletters or emails to come through from certain companies.

Virus Scanning

Once you have set your Trigger Level to block spam emails, admins can configure the Virus Scanning functionality. It’s a simple process to set rules that block different kinds of attachments, including executable files that can install malware and ransomware on a target endpoint.

Again, these rules can be set at an organization-wide level or can be set for individual email addresses or groups. These policies help to ensure that users will not be able to receive or open any attachments that could potentially harm company devices or networks.

 Configure Features


From the features menu, admins can toggle multiple security features that Proofpoint offers. An important feature to stop spam, malware and phishing emails is the URL Defence.

URL Defence scans links within emails in real time. It determines if links are sending users to malicious websites, and if so, blocks them. This works in real time, helping to protect against phishing attacks by blocking users from visiting malicious websites.


An important aspect to using Proofpoint to stop spam and other malicious emails is setting up Digest Reports. These reports are delivered to every individual within the company so that they can see a list of emails that were delivered to them, or that they have attempted to send, which has been blocked by Proofpoint’s filters.

Admins can choose how often these are delivered. We recommend that users have them delivered twice daily. This allows users to check if any important emails have been blocked by mistake on a regular basis.

The Digest Reports allow users to preview the email that has been blocked, so that users can see what the email would have been. However, admins can choose to turn this feature off if they prefer. When the email is previewed, any images are removed, as this is a common way for attackers to see if the email has been viewed.

By default, end users can approve and release emails back into their inbox from their Digest Report. This means that if a critical email has been blocked, they can easily get it back into their inbox and reply to it. This is optional and can be turned off based on admin policies.


In the filters menu, admins can set their policy around Outbound Email Security and Data Loss Prevention. You can set rules which stops outbound emails containing certain attachments, or credit card information, from being sent out. 

This helps to prevent data loss, as employees shouldn’t be sending credit card information via emails, which is an unsecure communications platform.  It’s also a useful tool for preventing successful phishing attacks, as in the case a user has fallen for a phishing email, they will be unable to send out any financial information.  

Admins can also prevent users from sending sensitive health information, and emails containing swear words, which may be useful from a compliance and HR standpoint. Some users even use these filters to block domains from certain geographical areas, which can help if companies are seeing multiple attacks from one specific location.

User-Level Controls

An important aspect to utilizing Proofpoint for spam and malicious email filtering is setting up the User-Level Control policies. 

Admins can add a button into users’ inboxes, which allows users to report emails as spam. Proofpoint will register this and block the email from reaching that inbox or others in the future. Admins can set this at a user level, or a company wide level.

All Proofpoint users within an organization get access to their own login to the Proofpoint system. This allows them to access their digests, as we discussed earlier, that allow them to preview or release quarantined emails. Users’ accounts also enable them to access their own email archive, which displays all of the emails that they have sent and received. This can be very useful to prevent data lose, and to use in compliance cases.

 In the User-Level Controls menu, admins can also set the spam Trigger Level at a per-user level, which sets the sensitivity of the spam filtering. This can be useful to stop any potentially risky emails from reaching high-risk users. 

Admins can also set user specific and company-wide signatures, to ensure brand consistency from this menu, which doesn’t help with phishing attacks, but is a neat feature nonetheless.

Sender Lists

When trying to prevent malicious emails it’s important to set allow/deny lists. These block emails from domains that are known to be malicious, or potentially malicious, while allowing you to still receive emails from domains you know to be safe. 

Admins can easily allow and deny domains using Proofpoint. They can allow domains on a company-wide level, or on a specific user basis. Many organizations aiming to reduce the number of successful breaches they face may also be engaged in Security Awareness Training, which often involves testing employees with simulated phishing emails. 

Being able to allow certain domains is critical for security awareness training, as otherwise simulated phishing emails are often blocked as real phishing attacks.

Report Centre

The final important step to combat spam and malicious emails is reporting. This lets admins see how many attacks are being stopped by their email gateway system, find out where attacks are coming from, and plan steps to combat them. 

To demonstrate the power of the reporting centre here is a case study from one of our customers.

As you can see, they are having 18 viruses and 6683 spam emails blocked, each day. This represents a massive in their security posture since they deployed Proofpoint on their email networks.


Proofpoint is the best option to protect your business and your users from security threats originating from email. They offer a range of technical features admins can utilize in order to stop malicious from reaching inboxes such as customizable spam filters, virus scanning, send/deny lists and URL rewriting to stop phishing attacks.

They also allow users more control over their email security, with digests, logs and access to their own archive, which helps to stop malicious emails, without compromising your critical business productivity.

To get started with Proofpoint Essentials, get in touch with one of our expert technical pre-sales team who can help you provision your account for a free trial of the service today.

Related Articles
Instructions for Whitelisting IRONSCALES On Office 365
Instructions for Whitelisting IRONSCALES On Office 365

Whitelisiting IRONSCALES on Office 365 to allow you to send simulated phishing campaigns is a two stage process.  Stage One 1. Sign into Office 365: Go to and sign in.  2. Click on admin from your list of apps.  3. In the...

How To Set Up Your Free Phish Test
How To Set Up Your Free Phish Test

Jura Security’s Free Phishing Test helps you to test your employees’ security effectiveness by sending them simulated phishing emails. Phishing attacks delivered by email work by tricking users into believing an email is genuine. They convince users to...

Read More