What is URL Targeted Attack Defense?
URL Targeted Attack Defense (URL Defense) is a feature within Advanced Email Security which scans the body of your email messages for links in real-time to protect users from viruses and phishing attempts.
How does URL Defense work?
After you've set up URL Defense, links in messages are re-written to use a Proofpoint URL. This is "defending" the URL, because it allows Proofpoint to scan URLs as you click on them in your messages to verify they aren't malicious. If the destination URL and website are considered bad, you'll be directed to a page showing "The website has been blocked!" Otherwise, you'll be taken to the website that was originally linked in the message.
What does the re-written URL look like?You'll be able to tell if a URL has been re-written by hovering over it in your email message. When hovering over a re-written URL you'll see:
Note: Only URLs within the message body can be re-written. Any URLs in attachments cannot be rewritten by Proofpoint.
What will be configured by default?
By default, all links in the message body will be rewritten, with the exceptions below:
- URLs contained within Encrypted/protected messages will not be defended.
- DKIM signed messages are not rewritten by default. You can enable this when configuring URL Defense.
Note: Re-writing URLs in DKIM-signed messages can break the DKIM signature
- You can customize the URL Defense settings to re-write additional content or exclude some content from being rewritten. Check out Configuring URL Targeted Attack Defense for these settings.