ATP Safe Links "rich text format"
ATP Safe Links is not re-writing any URLs if the message is sent in Rich Text Format. This is a giant hole in the security that any malicious sender could exploit to send in links to our users. Same thing happens in HTML messages if you "remove hyperlink" before sending. All tenants using ATP Safe Links should test this, and then vote to get this resolved.
I confirm this behaviour and I must add that, even if the format is in HTML but the url is not formatted as a link (with <a tags), ATP will not rewrite the url.
This is a security hole, because outlook recognize the url and let the user to click on it!
Microsoft are you kidding me! Fix this now.
This is a huge security hole. Please fix this!