SCIENTIFIC-LINUX-USERS Archives

July 2018

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

Subject:
From: Ron Tapia <[log in to unmask]>
Reply To: Ron Tapia <[log in to unmask]>
Date: Tue, 24 Jul 2018 15:19:33 -0400
Content-Type: text/plain
Parts/Attachments: text/plain (110 lines)

Hi,

PSU uses Microsoft "safelinks" as of a few months ago which is similar.

It was pointed out that this "feature" actually makes users less secure 
and more likely to fall for phishing attacks. The complaints fell on deaf 
ears.

You can't rewrite message bodies without breaking PGP signatures. Also, 
you can't verify that a message is really PGP signed without every 
sender's public key.

Microsoft just looks for "pgp signed" somewhere in the message body.

I'm sure that Proofpoint has to do something similar. If you can figure
out what it does, you can at least cause your messages not to be 
rewritten.

I'll include a couple of links here to see if my signature has any effect:

 	https://urldefense.proofpoint.com/v2/url?u=https-3A__arstechnica.com_&d=DwIBAg&c=gRgGjJ3BkIsb5y6s49QqsA&r=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A&m=T1iZwapzXbIi4JLbBCnP38Ro1p2oI3cIySeI0ZN-XJQ&s=_7L9QKlMXgH13BlmXTxbcGdOMxEWc3zglupXG8wMXXI&e=
 	http://www.fnal.gov/
 	https://urldefense.proofpoint.com/v2/url?u=http-3A__www.lanl.gov_&d=DwIBAg&c=gRgGjJ3BkIsb5y6s49QqsA&r=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A&m=T1iZwapzXbIi4JLbBCnP38Ro1p2oI3cIySeI0ZN-XJQ&s=mJql-MMfFHbr-rrtZcnnPCwDo_iVDv9yq1NcLMbcGQU&e=
 	https://urldefense.proofpoint.com/v2/url?u=https-3A__www.google.com_&d=DwIBAg&c=gRgGjJ3BkIsb5y6s49QqsA&r=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A&m=T1iZwapzXbIi4JLbBCnP38Ro1p2oI3cIySeI0ZN-XJQ&s=VMVCwSbpwpwIOJbXZRrcvGRmQxxShFWSta3rdH1ehts&e=

Cheers,

Ron

-- 
Blindly following a list of best practices is not a best practice.
<begin pgp signed message to disable safelinks/>
On Tue, 24 Jul 2018, P. Larry Nelson wrote:

> Date: Tue, 24 Jul 2018 13:40:44 -0500
> From: P. Larry Nelson <[log in to unmask]>
> To: Jon Pruente <[log in to unmask]>, Glenn Cooper <[log in to unmask]>,
>     [log in to unmask]
> Subject: Re: SP: proofpoint.com URLs in sl-users messages
> 
> I concur with the previous posts about ProofPoint.
> The U of I campus implemented this several years ago.
> I complained.  Fell on deaf ears.
>
> Implemented by our security folks.  Rationale being that 99% of the campus 
> email users (i.e., using the campus Exchange server) are either too lazy 
> and/or too unaware of the dangers of blindly clicking on a URL in their 
> emails.
>
> However, U of I email with a URL in the message body shows the real URL (in 
> blue and underlined - unless the URL is hidden via the html "<a href=" 
> construct), but when you move the mouse pointer over the URL, (at least in 
> Thunderbird) the bottom horizontal box of T-bird (I'm sure it has a more 
> official name) then shows the long obfuscated urldefense URL.
>
> So, in our case, one can just copy/paste the URL in the message body to a 
> browser and NOT go thru ProofPoint.
>
> The other aspect of the U of I's ProofPoint config is that it only affects 
> email composed in HTML format, and since I generally loathe doing that unless 
> absolutely necessary, I almost always compose in ASCII mode.
>
> So, I suppose this might be a test of how Fermilab has implemented ProofPoint 
> as I will now include a rather well known URL here 
> (https://urldefense.proofpoint.com/v2/url?u=https-3A__www.google.com_&d=DwICaQ&c=gRgGjJ3BkIsb5y6s49QqsA&r=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A&m=Ma0w4F56naDITDGkKlQvVJtetzaOiMo7eexfGKNZgfo&s=j_HbB2h_p9zjRUhPqMrTbEdV3hg8KvFr66CCOEJkwDA&e=) 
> and see how it arrives in your inbox.
>
> :-)
>
>
>
> Jon Pruente wrote on 7/24/18 12:33 PM:
>>  On Tue, Jul 24, 2018 at 12:20 PM, Konstantin Olchanski
>>  <[log in to unmask]> wrote:
>>>  On Tue, Jul 24, 2018 at 09:39:37AM -0500, Glenn Cooper wrote:
>>>  Some people dislike these email manglers because they replace obviously
>>>  safe URLs (zzzz://triumf.ca,
>>>  https://urldefense.proofpoint.com/v2/url?u=http-3A__bnl.gov&d=DwIBAg&c=gRgGjJ3BkIsb5y6s49QqsA&r=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A&m=9MsrWO_OsZsUg1N098OjP5FVq11d4xFs7FQSsO0fvOg&s=hNpBcmIgNIJC38WgFxk6q0e-BDk3eAeFQnaJXmIOK3Y&e=,
>>>  zzzz://gnal.gov, etc)
>>>  with magical "eat me" cookies.
>>>
>>>  Maybe these manglers cut down on Nigerian phishing, but I think there
>>>  is a net decrease in security because everybody is forced
>>>  to click links without knowing exactly where they go.
>>
>>  Another failure of using such a service is that the URLs are now
>>  mangled inside the ProofPoint URL. When at some point in the future
>>  the ProofPoint service is discontinued or is no longer used by
>>  Fermilab (it will happen, some day, one way or another) the URLs that
>>  were originally submitted are lost. A "safe" link and a
>>  non-HTML-sanitized copy of the original URL would be a welcome
>>  safeguard from being hostage to the service for a clean copy of the
>>  URL for several reasons, even to just know what the URL is targeting
>>  along with having the option to not follow the link through the URL
>>  filtering service for tracking and privacy concerns expressed by
>>  Konstantin.
>> 
>
>
> -- 
> P. Larry Nelson (217-693-7418) | IT Administrator Emeritus
> 810 Ventura Rd.                | High Energy Physics Group
> Champaign, IL  61820           | Physics Dept., Univ. of Ill.
> MailTo: [log in to unmask]   | 
> https://urldefense.proofpoint.com/v2/url?u=http-3A__hep.physics.illinois.edu_home_lnelson_&d=DwICaQ&c=gRgGjJ3BkIsb5y6s49QqsA&r=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A&m=Ma0w4F56naDITDGkKlQvVJtetzaOiMo7eexfGKNZgfo&s=zuwvjMwO6N3LEFjVQk1g1psUnqgccVLNrF7TNvgHQRY&e=
> ------------------------------------------------------------------------------
>  "Information without accountability is just noise."  - P.L. Nelson
>
>
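
An added example, not part of the original thread: the rewritten links quoted above carry the original URL in the `u=` parameter, so an archived message can be restored offline without sending anything through the filtering service. The decoding (`-XX` as a hex escape, `_` as `/`) is inferred from links on this page such as `https-3A__arstechnica.com_`; the function names and the placeholder tokens in the sample are assumptions.

```python
import re
from urllib.parse import urlsplit, unquote

# Rewritten links as they appear in this thread (v2 format only).
V2_LINK = re.compile(r"https://urldefense\.proofpoint\.com/v2/url\?[^\s<>()\"']+")
# u= may hold only plain characters or "-XX" hex escapes (assumed encoding).
U_VALUE = re.compile(r"(?:[^-%]|-[0-9A-Fa-f]{2})+")
DECODE = str.maketrans("-_", "%/")

def decode_v2(link):
    """Return the original URL carried in u=, or None if it does not parse."""
    parts = urlsplit(link)
    if parts.netloc != "urldefense.proofpoint.com" or parts.path != "/v2/url":
        return None
    u = next((p[2:] for p in parts.query.split("&") if p.startswith("u=")), "")
    if not U_VALUE.fullmatch(u):
        return None
    return unquote(u.translate(DECODE))

def restore_links(text):
    """Swap every decodable v2 link in text for its target, entirely offline."""
    found = {}
    def swap(match):
        core = match.group(0).rstrip(".,;")   # sentence punctuation is not part of the link
        tail = match.group(0)[len(core):]
        target = decode_v2(core)
        if target is None:
            return match.group(0)             # leave undecodable links untouched
        found[core] = target
        return target + tail
    return V2_LINK.sub(swap, text), found

# Constructed sample: the u= values are copied from the thread, the other
# parameters are placeholders standing in for the per-message tokens.
PREFIX = "https://urldefense.proofpoint.com/v2/url?u="
TOKENS = "&d=X&c=X&r=X&m=X&s=X&e="
SAMPLE = (
    "see (" + PREFIX + "https-3A__www.google.com_" + TOKENS + ") and\n"
    + PREFIX + "http-3A__bnl.gov" + TOKENS + ",\n"
    + "http://www.fnal.gov/ was not rewritten\n"
)

if __name__ == "__main__":
    restored, mapping = restore_links(SAMPLE)
    print(restored)
    for rewritten, original in mapping.items():
        print(original, "<-", rewritten[:60] + "...")
```

Links that do not match the assumed encoding are left exactly as found, so a mailbox can be processed without losing the rewritten form.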
