# Forward phishing emails from Proofpoint PhishAlarm

In this article, you configure the Proofpoint PhishAlarm button to automatically forward user-reported emails to a Radiant Security mailbox. To analyze these emails, Radiant requires copies of the originals, which are obtained by forwarding them from your environment to a designated Radiant address. PhishAlarm lets you choose which address receives these messages, such as a SOC mailbox or Radiant, for each email category, including simulated phish, potential phish, safelisted messages, and training emails.

### Prerequisites

* [ ] You have completed the steps in the [phishing email forwarding overview](/radiant-connectors/connectors-and-data-ingestion/phishing-email-forwarding-overview.md), including enabling your monitored domains.
* [ ] You are an administrator of the Proofpoint Security Education Platform with permission to edit PhishAlarm settings.

### Enable auto-forwarding to Radiant Security

In this phase, you configure PhishAlarm to forward potential phishing reports to Radiant Security and ensure the original message attachments are included.

1. Sign in to the [Proofpoint Security Education Platform](https://login.threatsim.com/users/sign_in).
2. From the left side menu, go to **PhishAlarm > Settings**.
3. In the **Reported Email Handling** section, under **Potential phishing email handling**, toggle on the **Forward to the following email addresses** setting and add the Radiant Security mailbox address: `alerts@report.radiantsecurity.ai`
4. Scroll down to the **File Delivery Settings** section.
5. Select **Forward the included attachments in the reported email**.

<div align="left"><figure><img src="/files/BfL718XXq9WbRzrT1HNW" alt=""><figcaption></figcaption></figure></div>

6. Click **Save Changes**.

### Verify the integration

After you save your changes, confirm reports are reaching Radiant.

1. From any mailbox in your organization, send a test message to yourself.
2. Use the PhishAlarm button to report the test message as phishing.
3. Sign in to [Radiant Security](https://app.radiantsecurity.ai/) and check the **Alerts** and **Cases** tabs for the triaged report.

If the report does not appear, confirm the following:

* The forwarding address in **Forward to the following email addresses** is exactly `alerts@report.radiantsecurity.ai`.
* **Forward the included attachments in the reported email** is enabled in the **File Delivery Settings** section.
* The reporter's domain is enabled in [Radiant's Monitored Domains](https://app.radiantsecurity.ai/settings/organization/phishing-configuration) tab.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://help.radiantsecurity.ai/radiant-connectors/connectors-and-data-ingestion/phishing-email-forwarding-overview/forward-phishing-emails-from-proofpoint-phishalarm.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.