Fix ATP safelinks
Advanced Threat Protection Safelinks is not always working correctly and putting users off legitimate links as the whole link text is rewritten rather than the underlying hyperlink. For example, take this support email from Citrix.
Thank you for contacting GoToMyPC Global Customer Support. A customer support representative will respond to you shortly. Your case number for reference is 09452941. Please do not reply to this email.
Please feel free to visit our support site at https://emea01.safelinks.protection.outlook.com/?url=http%3a%2f%2fsupport.citrixonline.com%2fGoToMyPC&data=01%7c01%7cnick.ioannou%40rgp.uk.com%7c2d3df5049c2e4c5a2e7a08d34419aa0d%7ce5f0406515b54ab9b46a8792ebe60f01%7c0&sdata=zAEOz1mYOuGzVM7Fm5VNmGDPBTvzodjWer2fofeKbnQ%3d for quick answers to your most common questions.
Global Customer Support
Citrix Online Division: https://emea01.safelinks.protection.outlook.com/?url=http%3a%2f%2fwww.citrixonline.com&data=01%7c01%7cnick.ioannou%40rgp.uk.com%7c2d3df5049c2e4c5a2e7a08d34419aa0d%7ce5f0406515b54ab9b46a8792ebe60f01%7c0&sdata=XrvG7%2b9J6uZ9XVCNiS7IuCif87ykDQtqdRFFY8bZpq4%3d Citrix Systems, Inc.
Citrix Online Product Support Center: located at https://emea01.safelinks.protection.outlook.com/?url=http%3a%2f%2fsupport.citrixonline.com&data=01%7c01%7cnick.ioannou%40rgp.uk.com%7c2d3df5049c2e4c5a2e7a08d34419aa0d%7ce5f0406515b54ab9b46a8792ebe60f01%7c0&sdata=NlrYx4KV%2f6HTKXC4XiqerJJegTKb%2fNDDL8hpJcYTewg%3d
Connect with us on Twitter: @GoToMyPC, @GoToAssist, @GoToMeeting, @GoToWebinar, @GoToTraining
MS - you idiots -- you have crashed all my URLs in any emial
Ian Veach commented
In case Microsoft doesn't understand hypertext, a link is composed of two parts - the href and the link text. ATP should be rewriting the href as appropriate. It should not be rewriting the link text - that is not in the spirit of hypertext, nor helpful in that the link text should provide an easy to read context for the href.
Some might argue that the user is "not safe" if they see the unchanged link text, or that it doesn't match the href. It never WAS supposed to match - they are different entities of the link. The point of ATP is to rewrite the href to a safe one, not obfuscate via encoding the textual clue for the link. I would argue you've made it far more unsafe with it being difficult to read the visual clue of the link text.
If this was a plaintext email that remained plaintext, the URL should be unchanged. It it is converted by email client or even an MTA, the rule should still apply: Keep the unconverted text as the link text and convert it into the ATP link for the href.
Douglas Plumley commented
If this is a plaintext email I think it's expected to see ATP rewrite the text/hyperlink as they aren't separate like with a HTML message.