Email Security
Audience: Email Security Administrators and Security Operations teams.
Scope: This section covers email security tools, policies, and procedures including Proofpoint, Microsoft 365 security, and DMARC implementation.
Quick Links
| Resource | Purpose |
|---|---|
| Proofpoint Cloud Console | Proofpoint administration |
| Proofpoint TAP | Targeted Attack Protection |
| Microsoft Security Portal | M365 security administration |
| Restricted Users | Unblock users |
Documentation Sections
Proofpoint Protection Server
- Admin Accounts — Administrator management
- End User Management — User aliases and consolidation
- Quarantine Release — Managing quarantined messages
- Safe/Block Lists — Allowlist and blocklist management
- TAP — Targeted Attack Protection URL management
Microsoft 365 Security
- Compromised Users — Investigating and resolving compromised accounts
- Restricted Users — Unblocking restricted accounts
DMARC & Email Authentication
- How DMARC Works — SPF, DKIM, and DMARC alignment
- DMARC Grafana — Monitoring and analysis dashboards
- 3rd Party Mailers — External sender configuration
Operations
- Log Monitoring — Email log access and analysis
- Metrics — Weekly metrics reporting
- Secure Reader — Encrypted email portal
Key Concepts
Email Authentication Flow
DMARC Alignment
DMARC ensures that the domain authenticated by SPF and DKIM is the same domain the end user sees in the From header.
| Mechanism | Passing | Alignment |
|---|---|---|
| DKIM | Signature validated using public key | Signing domain matches From header |
| SPF | IP listed in SPF record | Envelope From matches From header |
DMARC Pass Requirement
A message passes DMARC when it passes DKIM or SPF and the mechanism that passes is also aligned with the From header domain.
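The pass rule above, worked through as an added example (not part of the original documentation and not code from any of the tools it lists). It assumes SPF and DKIM results are already known, models relaxed and strict alignment (the `aspf`/`adkim` modes of a DMARC record), and approximates the organizational domain as the last two labels; all names and sample messages are constructed.

```python
from dataclasses import dataclass, field

def org_domain(domain: str) -> str:
    # Assumption: organizational domain = last two labels. Production
    # evaluators use the Public Suffix List (needed for e.g. example.co.uk).
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain: str, from_domain: str, strict: bool = False) -> bool:
    a, f = auth_domain.lower().rstrip("."), from_domain.lower().rstrip(".")
    return a == f if strict else org_domain(a) == org_domain(f)

@dataclass
class Message:
    header_from: str    # domain in the From header (what the user sees)
    envelope_from: str  # domain in the envelope From, checked by SPF
    spf_pass: bool      # sending IP was listed in envelope_from's SPF record
    dkim: list = field(default_factory=list)  # [(signing_domain, valid), ...]

def evaluate_dmarc(msg: Message, strict_spf=False, strict_dkim=False) -> dict:
    # A mechanism counts only if it passes AND its domain aligns with From.
    spf_ok = msg.spf_pass and aligned(msg.envelope_from, msg.header_from, strict_spf)
    dkim_ok = any(valid and aligned(dom, msg.header_from, strict_dkim)
                  for dom, valid in msg.dkim)
    return {"spf_aligned": spf_ok, "dkim_aligned": dkim_ok,
            "dmarc": "pass" if spf_ok or dkim_ok else "fail"}

# Constructed sample messages (reserved example domains, not real traffic).
SAMPLES = {
    # Third-party mailer: SPF passes for the mailer's bounce domain only,
    # but the message is DKIM-signed with the From domain.
    "third_party_dkim": Message("example.com", "bounce.example.net", True,
                                [("example.com", True)]),
    # SPF and DKIM both pass, but for a domain unrelated to From.
    "pass_but_unaligned": Message("example.com", "example.org", True,
                                  [("example.org", True)]),
    # Forwarded mail: SPF fails at the forwarder's IP, DKIM still validates.
    "forwarded": Message("example.com", "example.com", False,
                         [("example.com", True)]),
    # Subdomain envelope sender: aligned in relaxed mode, not in strict.
    "subdomain_spf": Message("example.com", "mail.example.com", True),
}

if __name__ == "__main__":
    for name, msg in SAMPLES.items():
        print(name, evaluate_dmarc(msg))
```

The `pass_but_unaligned` case is the one to watch for in reports: both mechanisms show "pass" yet DMARC fails because neither authenticated domain matches the From header.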