Proofpoint Targeted Attack Protection (TAP): Targeted Attack Protection: URL Defense & Attachment Defense for incoming email

Email Security 

Targeted Attack Protection 

URL Defense & Attachment Defense

Duke receives tens of millions (yes millions) of emails every day.  The vast majority of these emails are spam or fraudulent (phishing) messages. 

Duke uses Proofpoint Targeted Attack Protection (TAP) to scan and block malicious URLs and attachments.  

Duke-to-Duke emails using Office 365 are not affected, with some exceptions.

URL Defense: 

  • Emails are assessed for malicious URLs (links)  
  • Links are rewritten to a safe URL (…) 

You will notice these rewritten URLs  

  • If link is clean, it’s routed to recipient as usual 
  • If malicious, the link is blocked when clicked. 

Attachment Defense: 

  • Email attachments are assessed for malicious attachments
  • Attachments are tested by Proofpoint for malware and viruses. 
  • If malicious, email is not delivered.   
  • The IT Security Office receives notification of all malicious attachments to prevent future attacks.  


For help, contact your local IT support or a service desk.  

Duke University, contact 919-684-2200.  

Duke Health, please contact 919-684-2243. 

For more information visit

You may report suspicious IT activity at 


Article number: KB0024212

Valid to: January 5, 2025