Proofpoint Targeted Attack Protection System (TAP)

In light of recent targeted phishing attacks, IT Services has enabled a new feature to campus’ Proofpoint e-mail protection system called TAP (Targeted Attack Protection).  TAP re-writes URLs in email coming into campus because malicious links may infect user's email accounts resulting in compromised CSUSB logins or data. 
How does TAP work?
When incoming emails are processed through Proofpoint’s cloud-based servers, all links received by your account will be scanned and rewritten with Proofpoint URLs.  When you hover over an email link, you’ll see a Proofpoint URL:  Here's an example of a re-written URL:

Example of URL rewritten by ProofPoint Targeted Attack Protection

Deciphering Proofpoint TAP rewrite starts at the begining where all URLs start with  Then notice /url?u=http which begins the destination URL.  Is it familiar or known?  Does it fit the context of the email received?  Linkedin is the example shown and that fits the context.  Rewritten URLs show that  Proofpoint has added the URL to its list.  Rewriting does not indicate a URL is bad or good. It only means Proofpoint has collected the URL and if the URL is identified as bad Proofpoint will protect users from going to that website.

What do I need to do differently?
TAP is designed to work seamlessly behind the scenes and most users will not notice the difference. However, please be aware that all e-mail links sent from the internet should begin with, even if it is a link.
If you click on a link classified as safe the link will functional normally and will direct you to the intended destination.  Just because the link has been safe at one time does not mean the link is not malicious.  Users are expected to assess whether the email or website may contain other indictations of malicious or suspicious intent.
If you click link that has been classified unsafe or malicious then a notice will appear letting you know the website has been blocked, similar to the image below.
Proofpoint TAP Blocked Message

For more information about how TAP works visit the Proofpoint website.
If you have received a suspicious email, please alert IT Services by forwarding it as an attachment to

Return to Knowledge Base