Our editorial staff evaluates products and services independently, but Top Ten Reviews may earn money when you click on links. Learn More


Proofpoint Review

Author by

PROS / Proofpoint provides a choice of deployment options, including cloud based, on premise and hybrid solutions. It offers industry-specific solutions to satisfy numerous regulatory compliance requirements, including those for healthcare, financial and government agencies.

CONS / Proofpoint solutions are complex and can include numerous modules that work together. The company provides professional services to help businesses figure out the best scenarios to fit their needs, but this high level of consultation may be out of reach for smaller operations.

 VERDICT / Proofpoint is an especially apt solution if you are looking for both email security and data loss prevention tools for your large company. A hybrid solution provided by Proofpoint may fulfill many of your needs in a cohesive package.

Proofpoint provides a long list of email security products, including policy-based email encryption, industry-specific solutions, email archiving and spam filtering. This Top Ten Reviews Bronze Award winner email encryption offerings include SaaS, gateway policy-based encryption and user initiated one-click encryption. Most of the product line is designed for larger organizations with industry-specific security requirements, such as for financial, education, government, health-care, hospitality, manufacturing and retail operations. Proofpoint has also recently acquired Maildistiller to offer email security plans that are suitable for smaller operations. However, the ability to send encrypted email is not included with Maildistiller subscriptions.


Knowing that to err is human, Proofpoint does not require you to trust your company's solvency on your employees making the final encryption decision. This email encryption software employs powerful policy-based filters to determine what requires encryption. Admins and compliance officers can configure encryption to initiate based on message content, user ID, group ID, domain or unique trigger. The policy-based encryption is supported by the Proofpoint Privacy solution, which includes data loss prevention tools. The two together are a powerful combination that can set additional rules for filtered content such as redirects, quarantining and blocking. To ease the burden on the compliance officer, Proofpoint comes with preconfigured policies that are suitable for enforcing compliance with HIPPA, GLBA, PCI and additional regulatory compliance agencies. The policy gateway can be hosted on premise or in the cloud.

Recipient Experience

There are a couple of ways in which the end user can open and view your secure message. If the message is sent to a trusted branch office or partner, it can be sent via a secure TLS connection. This is the simplest method, if it is available. In this case, both the sender and recipient just use email in the standard manner, while Proofpoint takes care of encryption/decryption behind the scenes. Since recipient-side downloads are unwelcome and challenging to maintain, Proofpoint offers push delivery. Using this method, recipients receive the message as an HTML attachment. When a recipient retrieves a message in this manner for the first time, that person has to create a Proofpoint account. Subsequent retrievals only require a login to access secure documents.

Administration Tools

Corporate customers that employ Proofpoint services can expect compliant email encryption suitable for their own regulatory requirements. Policies are managed at the gateway and can be configured using a graphical interface designed to assist you with defining corporate policies. Since Proofpoint is intended primarily for larger organizations that need customized solutions, it is not a one-download, click-and-go option. It may require multiple installations and a bit of configuring before you are up and running. However, this email encryption service does not require you to manage keys, greatly reducing the required resources. The Proofpoint Key Service manages keys.

In terms of deployment, the simplest method is to use the SaaS service. This takes most of the work off your team and reduces resource requirements. In-house hosting can be at the application level, as an appliance, at the gateway, using a private cloud or in a hybrid solution. If you are looking into working with Proofpoint, we recommend that you take advantage of pre-sales professional services to help you figure out the best solution for your specific needs. Once the service is deployed, Proofpoint provides three tiers of paid customer support. Paid training is also available.

Integrations & Compatibility

Proofpoint is compatible with most types of email including Outlook, Lotus and Gmail. It also offers security for mobile phones as well as desktops. Other services offered include the ability to send large files, apply digital signatures and create secure forms. Proofpoint's new product Maildistiller provides affordable subscription-based packages that provide antivirus, spam filtering, reporting, management features and email archiving.



Proofpoint offers corporate, enterprise-level cloud-based and on-premise email encryption solutions accompanied by powerful DLP encryption filters. It provides industry-specific solutions and numerous options for all levels of email and data security. Proofpoint is well known in the industry and is worth talking to if you are looking for a corporate email security solution to satisfy compliance requirements. However, if you are looking for email encryption software for a small company, you will want to consider a different email security company.