Change ATP SafeLinks URL
Starting ATP URLS with https://.safelinks.protection.outlook.com/ gives the impression that a URL is safe.
We've had numerous malicious URLs sent to our users that were not blocked by ATP, by putting the name "safelinks" in the URL you give the impression the URL is safe even though that's not always the case.
Instead consider some of the following alternative names:
In addition to the unfriendly rendering of URLs, this service is PREVENTING me from navigating to legitimate, commonly used sites like eBay. The service doesn't give me a way to override the invalid block and the URL obfuscation prevents me from navigating to the site manually. This is a complete failure in terms of usability and protection from navigating to malicious sites! Please give me a way to disable this worthless function! I'm getting VERY frustrated.
Alec Rawls commented
How do I turn off this rotten garbage? I send links to myself all the time and now they all arrive unusable. Everything gets converted to gobbledygook and as soon as Microsoft abandons this fiasco every one of these links will go dead. There's GOT to be a way to turn it off. What is it?
In general, will Microsoft PLEASE stop dumping all kinds of new garbage on me without me wanting it? At the minor end I can't stand way they keep foisting THEIR pictures onto the login page of MY computer, or the stupid cutesy questions they put with their cutesy pictures, but those are just annoyances. Garbage like safelinks is SERIOUS. What the ****?
Microsoft is adding "Native Link Rendering" in the coming weeks, but you will have to update your Outlook client. https://techcommunity.microsoft.com/t5/Security-Privacy-and-Compliance/Microsoft-Ignite-Session-Recap-and-Feature-Updates-for-Office/ba-p/112766
Jason Hartman commented
It would also be helpful if there was a format that made it very clear what the original URL was. As they are today it appears there can be a lot of metadata following, but is hard to be sure of the original URL and if it has significant metadata.
Prefixing the URL with a long file name is problematic from an end-user education standpoint. We train users to inspect URLs before clicking on them. The long ATOP SafeLinks URLs are very unwieldy, particularly on mobile devices. Mobile phishing is becoming more and more of a problem.
How about going with a shortened URL, and please, avoid the URL encoding (the browser will encode the link automatically, when the user clicks on it, IIRC). Here's a SafeLinks format that would be far easier to train to: