Last Update: 06. October 2023
The Proofpoint Essentials email security product has been growing in popularity for some time. This is not least because Proofpoint Essentials is easy to set up, offers a simple and clear web interface for administration and covers most standard Swiss SMB email scenarios very well.
As the feature set grows, so does the complexity of the systems, so we would like to give you an overview of the technology, the functionality and its limitations in this article.
Basic Management
My Login to the Proofpoint Essentials Admin Portal is not working!
Please ensure, that you are using the correct URL to open the Proofpoint Essentials WebAdmin GUI. We see often, that european administrators try to access the WebAdmin GUI over the Proofpoint Website proofpoint.com → Login → Proofpoint Essentials (https://us1.proofpointessentials.com/) to Login. Unfortunately this is the Login page of the US1 cluster. European customers can use the EU1 cluster: https://eu1.proofpointessentials.com/ . Those are different platforms.
Where can I find the product Help Manual or Documentation
You can find a questionmark symbol at the right top inside the Proofpoint Essentials WebAdmin GUI:
Proofpoint Essentials has a very good documentation that covers most of the questions asked to us by customers.
Some users have disappeared
There are two frequently seen reasons why users disappear:
- SMTP Discovery
The first thing to check is whether the SMTP Discovery feature is enabled. Possibly the accounts have been decommissioned. On the customer, go to the menu: “Users & Groups” -> “SMTP Discovery” and select “Marked Invalid” from the drop-down list. If users are now displayed here, they have been (erroneously) deactivated. You can check the accounts and then reactivate them with “Select” -> “Remove from invalid List” -> “Apply”.
Detailed documentation on the SMTP Discovery feature can be found in this knowledge base article. - Active Directory or Azure AD Sync
If users are removed or disabled inside the AD/Azure AD, they will be updated accordingly on Proofpoint. Therefore, please ensure that the directory is configured right. It is possible to exclude users from the sync to prevent them from being deleted or updated.
No E-Mail messages are being processed!
In most cases, the respecting domain is simply disabled for email relaying. In this case, you just need to enable the email relay feature for the domain as shown below:
If the domain is not verified yet, you need to verify the domain first:
Otherwise you can just enable relaying:
Please note, that this settings need some time to be applied.
The settings I’ve just made are not being applied!
It may take between 30 to 60 Minutes to apply some configuration changes.
Proofpoint has created a KB article where all the update frequencies are documented: Timing for configuration changes to occur.
The message “The domain ‘testdomain.ch’ is already configured in the system. Contact support if you need to proceed with this.”
If you have waited for an hour after deleting the domain and the message is still showing up: Your reseller or distributor needs to open a Proopoint Essentials support case and ask Proofpoint to remove the domain. Afterwards you will be able to re-add the domain.
Is there an API for access to Proofpoint Essentials data?
Yes, the API documentation can be found on: https://eu1.proofpointessentials.com/apidocs/documentation
Essentials Licensing and Featureset
Which licenses are available and what are the differences between the license packages?
Proofpoint has a document with an overview over the packages available and the contained features of every package on their website. You can find the document here.
Can I license 10 users for essential email security but only 5 of them for essential security awareness training and essential archive?
No. You need to license the same amount of licenses for every service.
How can we use the archive mobile app with the cloud, what is the correct URL?
This mobile App/Feature is only available for Proofpoint Enterprise Archive. But not for the Essentials variant.
Essentials Email security
Is it possible to REJECT all messages from every sender worldwide except from addresses that are in the “Safe Senders” list?
It is not possible to reject all senders worldwide except those on safe sender list.
Activation links are already clicked at the time when the email is being delivered to the recipient. One-time activation links are not usable anymore because of this behaviour.
There are three frequently seen mechanisms that cause this issue:
- Proofpoint URL Defense (The Proofpoint Sandbox that also can open and inspect links)
- The MS365 feature “Safe links” (The Microsoft Sandbox that also can open and inspect links)
- Third party Sandboxing solutions like FortiSandbox and similar
To ensure, that the problem is caused by such a sandboxing solution, please disable the sandbox or configure an exception. We recommend to only disable the sandbox if no other option is available. Sandboxing is a very important security mechanism that should not be disabled whenever possible.
Is it possible, to DISCARD or DELETE messages from a sender, that is on the “Blocked Senders” List instead of quarantining the messages?
It is not possible to discard messages on the block sender list. These will be quarantined. But:
If you do not want these emails to appear in the logs or in the quarantine digest report you can create a filter to hide these emails:
If: “sender address” is: list your addresses
Do: “Quarantine”
And: “Hide Logs from Non-Admin Users”
And it is also possible to disable the reporting in the digest settings:
Messages from ourdomain.ch destined to ourdomain.ch are being quarantined. Why?
In most cases, internal emails do not leafe the organization internal mailserver. This is the recommended procedure for handling internal emails. Therefore, Proofpoint will never receive messages from our internal domain to our internal domain. In some rare cases, this scenario is needed and may cause issued on Proofpoint Essentials email security if not configured correctly.
Proofpoint Essentials has a feature named “Inbound domain spoofing protection”. This does not allow messaged FROM and TO an internal recipient. Therefore you need configure a rule to bypass anti spoofing checks according to this knowledge base article.
Is it possible to send mass or bulk mailings over Proofpoint Essentials?
Yes. Bulk mailings to a limited amount of messages per hour are possible to be sent over Proofpoint Essentials. To enable this for a user, you need to create a support case and provide the “source” sender address the customer is intending to use for mass/bulk mailing.
Support is then creating a exception for the specific user. Changes will take 60 minutes to take place.
Is it possible to retrieve emails that have already been delivered after they have been identified as malicious?
Yes, Proofpoint can, but unfortunately not in the Essentials solution. At Proofpoint the function is called TRAP (Threat Response Auto Pull) and is only included in the more comprehensive products.
Does Essentials check also url-links included in documents like pdf or word or just url-links in emails?
Yes, Proofpoint can do it using the feature Attachment Defense Sanboxing. This feature is available for customers that have Advance and Professional packages.
Essentials Security Awareness Training
Is PhishAlarm available in Proofpoint Essentials?
At the moment (October 2023), PhishAlarm is not available in Proofpoint Essentials.
Is it possible to automatically set the language for PE-SAT for a user?
In PE-SAT it is necessary that the user selects its language when first using the platform. In P-SAT (not the Essential version), the language can be inherited from the browser.
A Customer is using “Proofpoint Essentials Email Security” and “Proofpoint Essentials Security Awareness Training”. Do we need to whitelist anything on the Email Security Platform?
This safelisting is already done between Proofpoint products.
The only possible configuration you may want to do, is under URL Defense settings. You many want to tick the box “Exclude URLs within Security Awareness Emails”. Then save.
This will stop rewriting of Security Awareness links.
Essentials Email Archive
Is it possible to import existing email archive into Essentials Email Archive?
Yes, it is possible. To import existing archive data, a support ticket must be opened. The PST and EML Email filetypes can be imported. Take a look into this nowledge base article.
Is it possible to prevent archiving of emails for a single user?
No. There is no feature on Proofpoint side, that allows to exclude a user from the archive.
But you can configure your local email server in the way it does not send the messages from this user to the archive.
What happens after retention period of 10 years with archived emails?
Email archive is included in Essentials Professional package with a 10 years retention time by default. After 10 years it is possible to store affected emails by Legal Hold function. Take a look at this Knowledge Base article.
