Proofpoint Override Phish/SPAM Score

If adding MetaCompliance's IPs to the Organizational Safe List isn't sufficient and Proofpoint still assigns a Phish Score 100 that triggers the inbound_phish policy, use a scoped Email Firewall Rule.

Part A — Create a Policy Route for MetaCompliance's IPs

  1. Click System, then Policy Route on the left-hand menu.
  2. Click New Route.
  3. Give the route an ID with no spaces (e.g. MetaCompliance_Sim) and a description.
  4. Click Add Condition.
  5. Set Condition to Sender IP Address, Operator to Equals, and enter one of MetaCompliance's mail server IPs (see MetaCompliance Mail Server IP Addresses).
  6. Click Add and New Condition, select the OR radio button, and repeat step 5 for each remaining IP.
  7. Click Add Condition to close the pop-up.
  8. Click Save Changes.

Part B — Create an Email Firewall Rule to inject a header for verified MetaCompliance mail

  1. Click Email Protection > Email Firewall > Rules.
  2. Click Add Rule.
  3. Set Enable to On.
  4. Give the rule an ID (no spaces) and description, e.g. MetaCompliance_Header_Inject.
  5. Click Restrict Processing and select the MetaCompliance_Sim policy route created in Part A. This ensures the rule only ever evaluates mail from MetaCompliance's verified IPs.
  6. Click Add Condition, set Condition to Message Size, Operator to Greater Than or Equal, and Value to 1. (This matches all messages that passed the policy route restriction, since the route already narrowed the scope.)
  7. Under Dispositions, click Change Message Header.
  8. Set Operation to Add Header.
  9. Enter a header name and value unique to your organization, e.g. X-Org-SimAllow: metacompliance-verified.
  10. Click Add, then Save Changes to activate the rule.

Part C — Create a narrow Custom Spam Rule that acts only on the injected header

  1. Click Email Protection > Spam Detection > Custom Rules.
  2. Click Add Rule (or equivalent — labeled New Rule in some PPS versions).
  3. Give the rule an ID and description, e.g. MetaCompliance_Phish_Override.
  4. Under Conditions, add a condition matching the header inserted in Part B — e.g. Header X-Org-SimAllow Equals metacompliance-verified. (Confirm the exact header-condition field label in your PPS version, as this can vary slightly by release.)
  5. Optionally, add a second condition (AND) repeating the Sender IP Address Equals check from Part A, so the override only fires when the message is from a verified IP and carries the header — closing the gap where someone forges only the header without controlling MetaCompliance's actual sending infrastructure.
  6. Under Disposition, set the Action to Classify as Not Spam.
  7. Click Save Changes.
Back to all articles