1. Choose the sending method carefully
If you want to use Proofpoint’s “Phish Alarm” button you must send mail via IP whitelist method; otherwise Proofpoint will refuse to let a user report our mail because there is no “header”.
In practice, TRAP, Proofpoint’s AI that analyzes emails, is not able to analyze a message that has not passed through their mail protection tool upstream — so any messages injected via API are not analysable by TRAP
2. Successfully whitelist our IP address and domain inside Proofpoint as well (not only in Outlook)
To do this you must follow two pieces of documentation:
Documentation to perform an IP whitelist within Proofpoint
Documentation to remove the gray banner:
3. Be able to use Proofpoint’s reporting button
3.1. Add a tag to Riot emails so Proofpoint can recognize them.
To do this, add a firewall rule:
Add a policy route :
Create a bypass rule for security using the policy route created :
3.2. Button configuration
Whitelist Riot :
2. Notify Riot when a user clicks on the mail :
3. Configure the communication that occurs when a user clicks the button:
