Summary
Several corporate filter appliances and software actively follow links in emails to protect users from malicious content. Commonly mentioned solutions include Barracuda, Microsoft (Safe Links), Mimecast, Proofpoint, Avanan, Cisco Email Security Appliance, and Forcepoint Email Security. These systems employ techniques such as URL rewriting, sandboxing, and real-time analysis to assess the legitimacy of links before allowing users to access the destination. The level of aggressiveness and the specific methods used vary between providers.
Key findings
- Prominent Solutions: Barracuda, Microsoft Safe Links, Mimecast, Proofpoint, Avanan, Cisco Email Security Appliance, and Forcepoint Email Security are consistently cited as solutions that follow links.
- URL Rewriting: URL rewriting is a prevalent technique where original URLs are replaced with the security vendor's URL for analysis.
- Sandboxing & Analysis: Many systems use sandboxing or virtual environments to analyze links and determine if they are malicious.
- Time-of-Click Protection: Solutions like Microsoft Safe Links and Mimecast URL Protect provide time-of-click verification to block malicious URLs in real-time.
- Aggressiveness Variation: The aggressiveness of link following varies; some solutions like Proofpoint are more aggressive, while others are configurable.
Key considerations
- Resource Implications: Link following is resource-intensive, so providers have different thresholds and implement it based on cost and performance considerations.
- Configuration Needs: The effectiveness of Microsoft Safe Links and other configurable solutions depends on proper configuration by the administrator.
- Identifying Entities: Accurately identifying the specific entity clicking a link is challenging due to various factors like timing, location, and user agent.
- Potential Skewing: Link following by security systems can skew email marketing metrics. It's necessary to filter this traffic for accurate reporting.
- False Positives: Aggressive link following might lead to false positives; therefore, continuous monitoring and adjustment are essential.
What email marketers say
13 marketer opinions
Several corporate filter appliances and software actively follow links in emails for security purposes. These solutions aim to identify and prevent malicious content from reaching end-users. Common appliances that perform this function include Barracuda, Microsoft (Safe Links), Mimecast, Proofpoint, Avanan, and Cisco Email Security Appliance. The techniques used involve URL rewriting, sandboxing, and destination analysis, with some solutions being more aggressive in their link-following approach than others.
Key opinions
- Common Appliances: Barracuda, Microsoft (Safe Links), Mimecast, Proofpoint, Avanan, and Cisco Email Security Appliance are frequently mentioned as solutions that follow links.
- URL Rewriting: URL rewriting is a common technique where original URLs are replaced with a security vendor's URL for analysis before redirection.
- Aggressiveness Varies: Some solutions, like Proofpoint, are considered more aggressive in clicking every link, while others have configurable settings.
- Sandboxing & Analysis: Many systems utilize sandboxing or virtual environments to analyze the legitimacy of links.
- Educational Addresses: There are reports of unidentified entities specifically targeting and clicking links in emails sent to educational addresses.
Key considerations
- Configuration Settings: Microsoft Safe Links' behavior depends on the administrator's settings; ensure appropriate configuration for desired security levels.
- Impact on Metrics: Link following by security appliances can skew email marketing metrics; consider filtering bot traffic for accurate reporting.
- False Positives: Aggressive link following may lead to false positives; monitor and adjust settings to minimize disruptions.
- Identification Challenges: Determining definitively what is clicking a link is complex. Factors such as timing, location, and user agent can offer clues, but attributing clicks is complex
Marketer view
Email marketer from Reddit mentions that several email security solutions like Proofpoint, Mimecast, and Microsoft Defender ATP (Safe Links) actively scan and follow links in emails.
30 Jul 2024 - Reddit
Marketer view
Marketer from Email Geeks explains that Microsoft will follow links depending on the admin's settings using Safe Links.
2 Apr 2024 - Email Geeks
What the experts say
6 expert opinions
Email security solutions actively analyze links in emails, employing techniques like URL rewriting and inspection. Prominent vendors like Proofpoint, Microsoft, Mimecast, and Barracuda are frequently cited, with Cisco potentially offering similar capabilities. The extent of link-following depends on the provider, balancing security with resource constraints. Identifying the specific entity clicking links presents a significant challenge, further complicating analysis.
Key opinions
- Key Vendors: Proofpoint, Microsoft, Mimecast, and Barracuda are identified as providers that follow links in emails.
- URL Rewriting: Solutions like Proofpoint URL Defense rewrite URLs to analyze them before redirection, effectively following the link.
- Cost Considerations: All providers have the ability to follow links, but implement different thresholds due to the expense in resources and time.
- Link Inspection: Most providers do link inspection on some level, but limit it to borderline emails due to the cost.
- Identification Difficulty: Identifying exactly what is clicking a link is challenging due to various factors.
Key considerations
- Threshold Management: Each provider has different thresholds for link following, which may need adjusting based on organizational needs.
- Aggressiveness Identification: Barracuda is noted as being more aggressive and easier to identify as a link-following provider.
- Attribution Complexity: Factors like timing, location, and user agent complicate accurately attributing link clicks to specific sources.
- Resource Implications: Link following is resource-intensive; balancing thorough inspection with performance is crucial.
Expert view
Expert from Email Geeks shares that Proofpoint follows links and rewrites URLs. Also names Microsoft, Mimecast, and Barracuda as well. They believe Symantec has this feature as well.
16 Jun 2024 - Email Geeks
Expert view
Expert from Email Geeks explains that all providers have the *ability* to follow links, but they have different thresholds for when to do it because it's expensive in terms of resources and time.
4 Dec 2021 - Email Geeks
What the documentation says
5 technical articles
Several email security solutions, including Microsoft Defender for Office 365's Safe Links, Mimecast URL Protect, Proofpoint TAP URL Defense, Cisco Email Security Appliance, and Forcepoint Email Security, employ link following as a security measure. These systems rewrite URLs, analyze them at the time of click, and block access to malicious sites, leveraging sandboxing and URL analysis.
Key findings
- Time-of-Click Verification: Microsoft Safe Links provides time-of-click verification of web addresses to protect against malicious URLs.
- URL Rewriting & Scanning: Mimecast URL Protect rewrites URLs and scans them at the time of click to protect users.
- Sandboxing & Blocking: Proofpoint TAP URL Defense rewrites URLs, analyzes them in a sandbox, and blocks access to malicious URLs.
- Configurable Analysis: Cisco Email Security Appliance can be configured to perform URL analysis and rewrite URLs.
- Malicious Content Check: Forcepoint Email Security analyzes URLs and follows links to check for malicious content.
Key considerations
- Proactive Protection: These solutions offer proactive protection against malicious URLs in email messages.
- Real-Time Analysis: The systems analyze URLs at the time of the click, providing real-time protection.
- Comprehensive Security: The solutions leverage techniques like URL rewriting, scanning, and sandboxing for comprehensive email security.
- Configurability: The Cisco Email Security Appliance offers configurability, allowing administrators to tailor the URL analysis settings.
Technical article
Documentation from Forcepoint describes how Forcepoint Email Security can analyze URLs in emails and follow links to check for malicious content.
29 Dec 2024 - Forcepoint
Technical article
Documentation from Cisco explains that the Cisco Email Security Appliance can be configured to perform URL analysis and rewrite URLs for protection against malicious websites.
5 Apr 2023 - Cisco
Are there any tools available to report on Verizon's new data feeds?
Can linking to PDF files in email cause bounces due to Mimecast or other security filters?
Do email security software solutions click hyperlinks in emails?
How can I test email deliverability to mailboxes protected by Mimecast?
How do I identify what spam filter a company is using?
How do Mimecast and Proofpoint scrutinize senders, and what best practices can improve inbox placement beyond whitelisting?
