Is proofpoint being malicious
or deceptive* in its use of these domain names ? If not it seems as if their use is reasonable. To provide good training it has to use domains that have to be good enough to fool those being trained. The UDRP arbitrator is wrong and facebook is being an ass (nothing new there).
* Other than trying to deceive those being trained.