TAP for Employees

Proofpoint's TAP service analyzes email links by checking the intended site for malicious content.

When TAP detects a hyperlink in a plain-text email, it will rewrite the URL in plain text. In this case, you will see the rewritten URL directly in the body of the email.

If a URL is embedded and you hover over the link, the URL displayed will show the destination URL rewritten as a Proofpoint URL. The URL will function normally from the user’s perspective.

Proofpoint URLs will begin with https://urldefense.proofpoint.com. If you were to receive an email sent from someone outside of Fordham University that included a link to the EDUCAUSE homepage, you would notice the following:

• Display URL (what you will see in the email): www.educause.edu
• Embedded URL (what you will see if you hover your mouse over the link in the email): https://urldefense.proofpoint.com/v2/url?=http-3A__www.educause.edu&[….]

You may notice a one or two-second delay while a web page loads after clicking on a rewritten link deemed safe by Proofpoint.

If you click on a rewritten link deemed malicious by Proofpoint or the Office of Information Technology, a warning page will appear.

Targeted Attack Protection does not mean every link is safe for clicking. Exercise caution for any link in a questionable email.

For more information on TAP, view our Targeted Attack Protection User Guide. Questions? Call the IT Service Desk.