Proofpoint’s Targeted Attack Protection (TAP) helps protect against and provide additional visibility into phishing and other malicious email attacks.

How Does TAP Work?

With TAP, URLs in an email message may be rewritten to show where the links are pointing:

tap url rewriting screenshot


If you are viewing your email in plain text, the URL rewrite may look like this:

plain text url screenshot


When you click a URL in an email message, the URL is redirected to Proofpoint’s cloud service. If the URL is not known to be malicious, you will be automatically redirected to the original URL. If the URL is malicious, you will see a warning message, and the site is blocked in your browser.

tap blocked site screenshot

Rewritten URL decoder

To make the link more readable, users can use the below decoder to restore the original link text.

Copy and paste the rewritten link into the box and click Decode which will provide you with the original link.

Decoded URL: