Legitimate emails being marked as phish in Adaptive Email Security
Resolved · Degraded performance

The issue of safe URLs being incorrectly flagged on inbound and internal emails has now been resolved and classification of emails has returned to normal. Customers wishing for release of all emails that were quarantined within the impacted timeframe should raise a request to tessian-support@proofpoint.com.

The availability of manual release of emails from the portal has been intermittent due to the increased load on our systems but has now been resolved. A limited event view may be shown in some cases to allow the email to be remediated.

Wed, Feb 12, 2025, 06:17 PM
Updates

Monitoring

The situation remains stable, with no new URLs being incorrectly flagged. The team are still assessing options to re-process emails affected by the incident, but this will take time. For customers experiencing issues viewing events in the portal, we are seeing steady improvements when loading events. In the meantime, we recommend manually reviewing and releasing emails where possible. Thank you for your patience; we'll continue to share updates as progress is made.

Tue, Feb 11, 2025, 05:29 PM (1 day earlier)

Monitoring

As of approximately 6:00 AM UTC there should be no more emails incorrectly flagged as phishing because of the corrupted rule - the team is continuing to monitor the incident. Any edits made to Adaptive Email Security filters because of this incident can now be reverted. We are assessing the options for remediation of emails incorrectly flagged as phishing during this incident and will update once a decision has been made.

Tue, Feb 11, 2025, 10:09 AM (7 hours earlier)

Identified

The team continues to make progress identifying URLs impacted by the initial incident and remediating each in turn, but an ETA on when this will be complete is not yet available. We are also looking into additional remediation steps for emails incorrectly flagged as Phish as a part of this incident, and will update once we have more information.

Tue, Feb 11, 2025, 05:34 AM (4 hours earlier)

Identified

The team has identified a bad rule in the Proofpoint integration which incorrectly flagged URLs as Phish. The issue with the corrupted rule has been resolved, and Proofpoint is working to identify and resolve all URLs incorrectly flagged.

Tue, Feb 11, 2025, 03:28 AM (2 hours earlier)

Investigating

We currently have elevated rates of legitimate emails being marked for phish. Customers may observe some legitimate emails containing specific URLs are being flagged and actioned based off their configuration. The team is currently investigating to understand the cause and take immediate steps to mitigate.

Tue, Feb 11, 2025, 03:00 AM (28 minutes earlier)