Quarantine

Overview

An entry for each of a user’s inbound and outbound messages is logged in Proofpoint and shown on the Quarantine tab of the user interface. The entry shows information about the message, not the actual message content.

You can also choose to receive an emailed digest listing quarantined messages.

Why Messages Are Quarantined

Messages are quarantined either because they are deemed potentially harmful or because they were caught by a filter or a blocked sender list entry. Most, but not all, quarantined messages can be released, in which case they are sent or delivered as originally intended. The length of time quarantined messages remain visible is set up as part of the quarantine digest, but is at most 30 days.

A message may be quarantined if:

  • It contains a virus. Such messages can be seen but cannot be released.
  • It has been classified as spam (subject to user and company spam settings). Such messages can be seen and may be released.
  • It has been quarantined as a result of a custom filter. Depending on the filter settings, such messages may be seen and may be able to be released.
  • It matches an entry in the blocked sender list.

Viewing quarantined email

When you first log in to the Proofpoint Essentials user interface, the first view you see will be your quarantine email log.

By default, the log will show any inbound quarantined message processed by Essentials yesterday or today, although you can choose a different time period and search for specific messages.

To see more information about a specific message, click Detail to its right. The information shown may be useful for an administrator to help diagnose quarantine issues, and can be used to block messages from this sender in the future.

A maximum of 1000 records will be shown.

For each message, the following information is shown:

  • From (includes both ‘From’ Header and Envelope Sender, when available)
  • To
  • Subject
  • Date/Time
  • Category
  • Size
  • Status

Quarantined Log Actions

Perform these steps on the Quarantine tab.

  1. Check the checkbox next to the message(s) on which you wish to take action.
  2. From the Actions list, choose the desired action:
    • Release from Quarantine — releases the selected messages from quarantine, causing them to be sent or delivered.
    • Release & Approve — releases the selected messages from quarantine, causing them to be sent or delivered. In addition, the sender address will be added to the Safe Sender list.
    • Resend (Instant Replay) — re-sends the selected messages to the inbox, causing them to be re-sent to the destination server. This makes a copy of the original message, so the original message-id and message delivery timestamp will be retained. Note that this is an optional feature.
    • Classify as clean — classifies the messages as not spam, causing them to be sent or delivered.
    • Classify as spam — classifies the messages as spam, causing them to be reported to the spam engine.
    • Report as false positive — allows you to re-classify the message as a false positive: you are prompted to add an explanatory comment and, optionally, grant permission to the Proofpoint spam team to review the contents of the email.
    • Report as false negative — allows you to re-classify the message as a false negative: you are prompted to add an explanatory comment and, optionally, grant permission to the spam team to review the contents of the email.
    • Hide email from logs — hides the email from both user and administrator views of the log/quarantine.
  3. Click Apply.

If an action cannot be applied to the selected message(s), the checkbox is not visible.

To download a message, open it and click Download.

Updated on November 6, 2020