When customers then click on on the rewritten hyperlink, the server runs a examine to see if the hyperlink factors to a identified phishing or malware web site and primarily based on the end result, both blocks entry to it or redirects the request to the ultimate vacation spot. The profit is that if an internet site is flagged as malicious at a later time, all rewritten hyperlinks pointing to it’ll cease working, delivering safety to all customers.
Nonetheless, the success of this method in follow is debatable and it has downsides too. First, this breaks cryptographic e mail signatures as a result of the safe e mail gateway modifies the unique e mail by altering the hyperlink. Then, the rewritten hyperlinks obfuscate the true locations, which in some instances could possibly be clearly suspicious simply by taking a look at them.
For instance, Microsoft provides this characteristic beneath the title Secure Hyperlinks for Workplace 365 customers, the place hyperlinks in incoming emails and messages in apps like Outlook and Groups are rewritten to na01.safelinks.safety.outlook.com/?url=[original_URL] and this characteristic has been criticized previously by safety firms for not really performing dynamic scans or for being straightforward to bypass with site visitors redirection primarily based on IP — Microsoft’s IP addresses are publicly identified — or by utilizing open redirect URLs from professional and trusted domains.
