What are Outlook's safe links?

All we need is an easy explanation of the problem, so here it is.

People using outlook.com as their mailbox may know this: If you receive an e-mail with a web link in it and copy the link with “right-click + copy link location” you will receive an outlook protection link. For example “https://test.com“, will become this protection link (in my case):

"https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftest.com&data=02%7C01%7C%7Ccb2efbed1ae44d545cac08d644e7b37d%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636772159263508835&sdata=8BK6la8r8jweL6T0bH9cm7VNzh5IIrx7hVL0ASZc6GU%3D&reserved=0".

This is some sort of protection, but I cannot see what attack it is preventing. Does anyone know for what this “link wrapping” is? I also wonder, what the data and sdata parameters are. (Seem to be hashes? [of the website?])

How to solve :

I know you bored from this bug, So we are here to help you! Take a deep breath and look at the explanation of your problem. We have many solutions to this problem, But we recommend you to use the first method because it is tested & true method that will 100% work for you.

Method 1

Safe Links is a feature that originated in Office 365 Exchange Online Advanced Threat Protection. https://products.office.com/en-us/exchange/online-email-threat-protection

By wrapping the link, you give Microsoft a chance to check the URL before letting you through. So if it is say a link to download a virus or malware, it can show you a block page or warning page instead. The service also do some advanced stuff like visit the page on your behalf and scan for threats just in time, or show you the destination in a sandboxed page to prevent malware.

This is better than scanning the email at delivery time because some links may be to phishing sites or zero day malware that has not yet been discovered. But by the time you click the message in your inbox, it may have been caught (and thus will be blocked).

In a corporate environment, this is also helpful because it allows you to get metrics on who clicked on what. If an employee clicked through to a phishing site, you can look at the logs to determine who also clicked on that link as take action.

Note: Use and implement method 1 because this method fully tested our system.
Thank you 🙂

All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0

This Post Has One Comment

  1. MariaEpids845

    XEvil 5.0 automatically solve most kind of captchas,
    Including such type of captchas: ReCaptcha v.1, ReCaptcha v.3, Hotmail (Microsoft), Google, SolveMedia, Rambler, Yandex, +12000
    Interested? Just google for XEvil 5.0!
    P.S. Free XEvil Demo is available!

    Also, there is a huge discount available for purchase until 30th April: -30%!

    XEvil.Net

Leave a Reply