Email came in with subject starting with ***UNCHECKED***

Created by Yves Lacombe, Modified on Tue, 12 Jan 2021 at 03:54 PM by Yves Lacombe


Email comes in with subject line ***UNCHECKED*** -- it looks like a spam and it contains a zipped attachment.



Proofpoint didn't tag it as a spam via conventional means (for instance, the IP reputation of the sender is neutral or good) and the zip file is encrypted with a password.  So proofpoint is warning you "hey, this email came in but we weren't able to look at the attachment because it's passworded/encrypted".


You can create a rule to block passworded zip files. 

If attachment is (click on the type) ... do quarantine.  This is what you get when you use the attachment type selector.  You need to pick "undecipherable".