Proof that PROOFPOINT are security morons?
The tagline "Keep your people safe with Proofpoint" is like a Yelp posting recommending the Big Bad Wolf's babysitting services. Point of proof: A DMARC (Domain-based Message Authentication, Reporting, and Conformance) record is defined, but not configured properly. Which means that there is no enforcement for subdomains of proofpoint.com. Ergo, ANYONE can send messages purporting to be from addresses on its subdomains. Which begs the question:
If Proofpoint can't even protect its own people from email impersonations, how can they protect you?
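Whether subdomains are covered comes down to the `sp` tag of the organizational domain's DMARC record, which falls back to `p` when absent. The check below is an added example, not part of the original post: the function names are illustrative and every record is a constructed sample for example.com, so it can be pointed at the TXT value of your own `_dmarc` record.

```python
# Added example: what does a DMARC TXT record enforce for subdomains? (RFC 7489)
# Every record below is a constructed sample for example.com, not real DNS data.
POLICIES = {"none", "quarantine", "reject"}

def parse_dmarc(txt):
    """Return {tag: value} for a DMARC record, or None if it is not one."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    if not parts:
        return None
    name, _, value = parts[0].partition("=")
    # The version tag must come first and its value is case-sensitive.
    if name.strip().lower() != "v" or value.strip() != "DMARC1":
        return None
    tags = {}
    for part in parts[1:]:
        name, sep, value = part.partition("=")
        if sep:
            tags.setdefault(name.strip().lower(), value.strip())
    return tags

def subdomain_policy(txt):
    """Return (policy, enforced) for subdomains that publish no _dmarc record
    of their own; a subdomain with its own record is governed by that instead."""
    tags = parse_dmarc(txt)
    if tags is None:
        return ("no-record", False)
    p = tags.get("p", "").lower()
    sp = tags.get("sp", p).lower()      # sp falls back to p when absent
    if p not in POLICIES or sp not in POLICIES:
        return ("invalid", False)       # receivers do not enforce a bad record
    return (sp, sp in ("quarantine", "reject"))

SAMPLES = {  # constructed records
    "strict parent, open subdomains": "v=DMARC1; p=reject; sp=none; rua=mailto:dmarc@example.com",
    "sp inherited from p": "v=DMARC1; p=reject",
    "monitoring only": "v=DMARC1; p=none",
    "typo in sp": "v=DMARC1; p=reject; sp=rejct",
    "not DMARC": "v=spf1 -all",
}

if __name__ == "__main__":
    for label, record in SAMPLES.items():
        policy, enforced = subdomain_policy(record)
        print(f"{label:32} sp={policy:10} enforced={enforced}")
```
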