Proofpoint Target Attack Protection URL Defense

What is Proofpoint TAP?

With millions of emails being received every day, we are bound to come upon emails that are considered spam or fraudulent (phishing) messages.

BMCC uses Proofpoint Targeted Attack Protection (TAP) to scan and block malicious URLs and attachments.

How URL Defense Works?

URL Defense scans incoming e-mail for known malicious hyperlinks and for attachments containing malware. This feature rewrites scanned URLs to Proofpoint’s standard URL format: Once a link is rewritten, it is analyzed for any potential malicious content. If categorized as malicious you will be redirected to a block page upon clicking the link. URL Defense works behind-the-scenes and will already be implemented in your system.

How Does TAP Work?

Re-written links start with https://. The visible link text show as a link, but if you hover your mouse over the link you can see the re-written link, as shown below:


If you receive Plain-Text e-mails:

When URL Defense detects a hyperlink in a plain-text e-mail (non-HTML), it will rewrite the URL in plain text. In this case, you will see the rewritten URL directly in the body of the email. E-mails with HTML or rich text are most common, so Plain-Text rewrites will occur infrequently.

Blocked Messages

Blocked Email

When users click on a re-written link (example shown above) Proofpoint has been deemed malicious, users will be presented with a warning page.

Blocked Screen

If you forward an e-mail with a re-written link:

Once URL Defense has rewritten a URL, if the message is forwarded or replied to, the URL will remain rewritten. Additional links added to the message being replied to or forwarded will not be rewritten.

What if a link was wrongly blocked and you actually need access?

If a link is blocked, you can request the link to be reviewed and the block removed if the website is not malicious. To request a review, send an email to with “URL Rewrite Block Removal” in the subject.

Is there an exception process for some URLs to not be re-written?

At the moment there are no exceptions. URLs are being re-written instead of being blocked. Blocking comes from URL isolation, and our team can make exceptions in this system.