Reduced Efficacy of Email Exfiltration for some customers

Update timeline

1. resolved May 13, 2026, 04:00 AM UTC

   Status: Resolved Proofpoint discovered and fixed an issue impacting Email Exfiltration efficacy for a subset of customers. From May 12th 2026 till May 22st 2026, the daily job to identify new Unauthorized address failed to successfully update for a subset of customers. This meant no new unauthorized addresses were associated with end users for those tenants - reducing efficacy over time. • Email Exfiltration still ran against outbound emails, using the list of unauthorized addresses as of May 12th. • Zero day detection was still running, catching potential unauthorized addresses not yet associated with a specific user. Once Proofpoint discovered the issue, we worked quickly to correct the issue moving forward and update all tenants with a current list of Unauthorized Addresses as of May 22nd 2026. Our team investigated the critical miss in monitoring, and is deploying a redesigned method to address the fundamental failure and catch such things in the future. Please feel free to open a support ticket if you have any additional questions. Affected components Proofpoint Cloud Email Security Platform (Operational) Proofpoint API (Operational) Core Email Protection API (Operational) AEDLP Email Misdelivery Protection (Operational) M365 Add-in (Operational) Proofpoint Portal (Operational) Reported Emails (Operational) AEDLP Custom Policies (Operational) Gateway (Operational) COM Add-in for Windows (Operational) AEDLP Email Exfiltration Protection (Operational) Core Email Protection API (Operational) Investigate and Respond - Email Search (Operational)