Data Privacy and Security Information Sheet:
Proofpoint Email Fraud Defense

View Data Map

The purpose of this document is to provide customers of Proofpoint’s Email Fraud Defense with the information necessary to assess how the product can support and enhance their data privacy strategy.

Email Fraud Defense – Product Statement

Email fraud can be hard to detect using traditional cyber defense tactics. This is because the bad actors do not always rely on harmful URLs or attachments that are typically flagged as malicious. More commonly, they employ social engineering techniques designed to trick people into believing that an email is coming from a trusted source.

Email Fraud Defense leverages data from integrated Proofpoint products to identify imposters and block fraudulent emails that flow into Proofpoint’s secure email gateway, other business gateways, third party email systems, and third party email providers.

Information Processed by Proofpoint’s Email Fraud Defense

Email Fraud Defense processes inbound and outbound emails, as well as forensic message samples reported to Proofpoint, collecting and analyzing DMARC data located in the header of the emails, as well as threat data contained within the body of the email reports that are sent by third parties when DMARC processing fails, to stop your employees, business partners, and customers from being exposed to fraudulent emails. This includes limited personal data embedded in those emails.

Customer Access to Email Fraud Defense Data and Privacy Options

Email Fraud Defense data may be accessed by the customer administrators or authorized users. Processing results are made available to authorized users through the service’s comprehensive dashboard and application programming interfaces (APIs).

How Proofpoint Retains Records

To protect organizations from those on-going threats, Proofpoint analyzes the data collected through Email Fraud Defense and applies the results to its scanning and filtering process. DMARC forensic data is retained for up to 90 days, at which time it is securely deleted.

Proofpoint’s Use of Subprocessors

Proofpoint utilizes subprocessors to provide its services. A comprehensive list of the subprocessors may be found on the Trust site.


Proofpoint maintains a documented information security program that is aligned with the requirements of NIST 800-53 and ISO 27001. Security controls include the following:

  • Data in transit is protected using HTTPS/TLS.
  • Encryption at rest is accomplished using AES 256.
  • Access control mechanisms are present for physical and logical access to the facilities and the infrastructure hosting the services.
  • Proofpoint has implemented policies and procedures for the identification and remediation of vulnerabilities in its products and services. Please see
  • Proofpoint leverages a distributed security monitoring infrastructure to monitor for and alert on security incidents.
  • A 24-7 network operation center receives and responds to security alerts, escalating to on-call security personnel.
  • Proofpoint's information security program undergoes an annual third-party audit in the form of a SOC 2 Type II audit for the Availability, Confidentiality, and Security trust services principles.

© 2024. All rights reserved. The content on this site is intended for informational purposes only.
Last updated May 15, 2024.

Proofpoint Trust

Proofpoint helps companies protect their people from the ever-evolving threats in the digital ecosystem.