Reduced Efficacy of Email Exfiltration for some customers

Update timeline

1. resolved May 13, 2026, 04:00 AM UTC

   Status: Resolved Proofpoint discovered and fixed an issue impacting Email Exfiltration efficacy for a subset of customers. From May 12th 2026 till May 22st 2026, the daily job to identify new Unauthorized address failed to successfully update for a subset of customers. This meant no new unauthorized addresses were associated with end users for those tenants - reducing efficacy over time. • Email Exfiltration still ran against outbound emails, using the list of unauthorized addresses as of May 12th. • Zero day detection was still running, catching potential unauthorized addresses not yet associated with a specific user. Once Proofpoint discovered the issue, we worked quickly to correct the issue moving forward and update all tenants with a current list of Unauthorized Addresses as of May 22nd 2026. Our team investigated the critical miss in monitoring, and is deploying a redesigned method to address the fundamental failure and catch such things in the future. Please feel free to open a support ticket if you have any additional questions. Affected components Investigate and Respond - Email Search (Operational) Proofpoint Cloud Email Security Platform (Operational) AEDLP Email Misdelivery Protection (Operational) M365 Add-in (Operational) Reported Emails (Operational) AEDLP Custom Policies (Operational) Core Email Protection API (Operational) AEDLP Email Exfiltration Protection (Operational) COM Add-in for Windows (Operational) Proofpoint API (Operational) Gateway (Operational) Core Email Protection API (Operational) Proofpoint Portal (Operational)