cardi / proofpoint-url-decoder

tools to mess around with proofpoint URLs
Creative Commons Zero v1.0 Universal

"proofpoint" used to obfuscate phishing URLs #3

Open cardi opened 4 years ago

cardi commented 4 years ago

https://twitter.com/malware_traffic/status/1043174079828770817

cardi commented 4 years ago

From UOregon:

Are all links altered?

Most links are re-written except in certain situations. These situations are:

- If the website is within the University of Oregon's domain (e.g. "physics.uoregon.edu"), it will not be altered.
- If the email is sent from one UO Exchange user to another, links in that message will not be altered.
- If the email is signed with PGP or S/MIME, links in the message will not be altered.

cardi commented 2 years ago

From UCSD:

Can customers opt-out (if they don't like the reformatting issues, for example)? There is no opt-out process in place.

Will the links still work after some indefinite period of time? (such as when Proofpoint isn't the low bidder for the next renewal - or does that make for permanent lock-in) or Proofpoint is unreachable? The links will work indefinitely, even if we cease being a Proofpoint customer.

Will Proofpoint's visiting the site to scan it before redirecting the customer invalidate one-time use URLs (like password reset messages or redeem-once offers) before the customer sees them? No, it will not invalidate one-time use URLs because Proofpoint does not visit the site; the URL is rewritten. The first visit occurs when the customer clicks on the rewritten link, and it is at that time that the site link is evaluated.

Will forwarding a message with the rewritten links make your outgoing messages look more spammy to some third-party anti-spam solution that's used by a third-party recipient because the links point to some weird location that appears unconnected with the title of the link? This should not be an issue; it was not experienced during testing. That said, if problems arise during a broader roll-out, we will address the issue as soon as we are notified.

Does Proofpoint log and/or track link visiting activity? Proofpoint will log when someone clicks a link. That is the extent of logging. This information is given to UC San Diego to identify any account clicked on with a malicious link that previously was not considered malicious. At this point, the security office can follow up with that individual to ensure their credentials are not compromised.

What info is encoded in the long random-looking strings? Is it unique/traceable back to individual emails, or will a link to ucsd.edu always be encoded the same? The encoding includes the original link, the original recipient, and a security identifier that links it to the UC San Diego instance of Proofpoint.

Will PGP signed messages be invalidated due to the rewriting? Only HTML PGP signed messages received from a non-campus email account or via our campus mailing list would be invalidated. Plaintext PGP signed messages would not have links rewritten and will not be invalidated.
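The UCSD answer above says a rewritten link carries the original URL plus recipient and instance identifiers, which is why a defender triaging a reported phish (or the abuse this issue is about, where a "trusted" URL Defense link fronts a malicious destination) needs to recover the real target before judging it. The following is an added example, not code from this repository: it decodes the v1 and v2 `urldefense.proofpoint.com` link formats (v2 stores the percent-encoded original with `%` written as `-` and `/` as `_`; v1 stores it percent-encoded directly) and leaves the other query parameters as opaque metadata. The sample links and mail body are constructed; their `d`, `c`, `r`, `m`, `s`, `k` values are placeholders, and the v3 `urldefense.com` format is deliberately not handled.

```python
import re
from urllib.parse import urlsplit, unquote

PP_HOST = "urldefense.proofpoint.com"

# Matches v1/v2 rewritten links inside a plain-text or HTML mail body.
REWRITTEN_LINK_RE = re.compile(
    r"https?://urldefense\.proofpoint\.com/v[12]/url\?[^\s\"'<>]+", re.IGNORECASE
)

# Constructed samples (not real messages); metadata values are placeholders.
SAMPLE_V2 = ("https://urldefense.proofpoint.com/v2/url?"
             "u=https-3A__www.example.com_login-3Fid-3D42"
             "&d=PLACEHOLDER&c=PLACEHOLDER&r=PLACEHOLDER&m=PLACEHOLDER&s=PLACEHOLDER&e=")
SAMPLE_V1 = ("https://urldefense.proofpoint.com/v1/url?"
             "u=http://www.example.com/path%3Fa%3D1"
             "&k=PLACEHOLDER&r=PLACEHOLDER&m=PLACEHOLDER&s=PLACEHOLDER&e=")
SAMPLE_BODY = (
    "Please review your account here: " + SAMPLE_V2 + "\n"
    "Older link for reference: " + SAMPLE_V1 + "\n"
)


def _raw_query_params(query: str) -> dict:
    """Split a query string WITHOUT percent-decoding the values.

    urllib.parse.parse_qs would decode 'u' once and turn '+' into spaces,
    which would corrupt the second decoding step below.
    """
    params = {}
    for part in query.split("&"):
        key, sep, value = part.partition("=")
        if sep:
            params[key] = value
    return params


def decode_proofpoint_url(url: str) -> dict:
    """Return the original destination and the opaque metadata of a rewritten link.

    Raises ValueError for hosts or formats this example does not handle.
    """
    parts = urlsplit(url)
    if parts.netloc.lower() != PP_HOST:
        raise ValueError("not a URL Defense link: %r" % parts.netloc)
    params = _raw_query_params(parts.query)
    encoded = params.pop("u", None)
    if encoded is None:
        raise ValueError("rewritten link has no 'u' parameter")
    if parts.path.startswith("/v1/"):
        original = unquote(encoded)
        version = 1
    elif parts.path.startswith("/v2/"):
        # v2: '%' was written as '-' and '/' as '_', then the result is
        # an ordinary percent-encoded URL.
        original = unquote(encoded.replace("-", "%").replace("_", "/"))
        version = 2
    else:
        raise ValueError("unsupported URL Defense format: %r" % parts.path)
    return {"version": version, "original": original, "metadata": params}


def decode_rewritten_links(body: str) -> list:
    """Find every v1/v2 rewritten link in a mail body and decode it."""
    return [decode_proofpoint_url(m.group(0)) for m in REWRITTEN_LINK_RE.finditer(body)]


if __name__ == "__main__":
    for hit in decode_rewritten_links(SAMPLE_BODY):
        print("v%d -> %s" % (hit["version"], hit["original"]))
```

Judge the decoded `original` value, not the `urldefense.proofpoint.com` wrapper, when deciding whether a reported link is safe; the wrapper only tells you which tenant rewrote it.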

cardi commented 2 years ago

"Targeted Attack Protection" at USC