ITYM:
Apply this rule if
Includes these patterns in the message subject or body: 'linkedin\.com/slink\?'
and Is received from 'Outside the organization'
Do the following
Prepend the subject with '[SLINK BIN] '
and Deliver the message to the hosted quarantine
and Stop processing more rules
Been more-or-less that way here since 2023 at least.
LinkedIn, if you are not going to curate your links then why should we? That alternate slink format is being resolved by your servers, not the mail client.
And Microsoft, I hear you have a financial interest in LinkedIn. Since that format is non-standard, why not do the decent thing in the EOP engine and filter out those link formats as obviously malicious? Monopolistic? Not when there are two bigger social media beasts loose on the block.
Of course, if my suggested action is a little extreme then a programmatically enforced SCL 5+ or a prepended disclaimer acting as a warning are alternative actions. If you use KQL and want to do due diligence to judge impact beforehand:
// tracing LinkedIn Slink
//
let timeframe = ago(30d);
EmailUrlInfo
| where Timestamp > timeframe
| where Url contains "linkedin.com/slink?"
// pull sender, recipient and delivery details for each message carrying a matching URL
| join (
    EmailEvents
    | where Timestamp > timeframe
  ) on NetworkMessageId
| project Timestamp, Subject, SenderIPv4, SenderFromAddress, RecipientEmailAddress, DeliveryLocation, NetworkMessageId, Url, UrlCount
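
The rule described in this post, together with the two alternative actions it mentions (an enforced SCL or a prepended disclaimer), could be created from Exchange Online PowerShell as follows. This is an added example, not the poster's code; the function name, rule names, disclaimer wording and the audit-first default are assumptions.

```powershell
# Added example. Requires the ExchangeOnlineManagement module and an active
# Connect-ExchangeOnline session. New-SlinkRule is a hypothetical helper name.
function New-SlinkRule {
    param(
        [ValidateSet('Quarantine', 'Scl', 'Disclaimer')]
        [string]$Action = 'Quarantine',

        # Audit evaluates the rule without acting on mail; use Enforce once
        # the impact has been judged (for instance with the KQL query above).
        [ValidateSet('Audit', 'Enforce')]
        [string]$Mode = 'Audit'
    )

    # Conditions shared by every variant: the pattern from the post,
    # applied only to senders outside the organization.
    $rule = @{
        Name                         = "LinkedIn slink - $Action"  # assumed name
        SubjectOrBodyMatchesPatterns = 'linkedin\.com/slink\?'
        FromScope                    = 'NotInOrganization'
        Mode                         = $Mode
    }

    switch ($Action) {
        'Quarantine' {
            # The action set listed in the post.
            $rule.PrependSubject     = '[SLINK BIN] '
            $rule.Quarantine         = $true
            $rule.StopRuleProcessing = $true
        }
        'Scl' {
            # Softer alternative: the post suggests SCL 5 or higher.
            $rule.SetSCL = 5
        }
        'Disclaimer' {
            # Softer alternative: warning text at the top of the message.
            # The wording is a constructed sample.
            $rule.ApplyHtmlDisclaimerLocation       = 'Prepend'
            $rule.ApplyHtmlDisclaimerText           = '<p><b>Warning:</b> this message contains a LinkedIn slink redirect link.</p>'
            $rule.ApplyHtmlDisclaimerFallbackAction = 'Wrap'
        }
    }

    New-TransportRule @rule
}

# Start in audit mode, then re-create or update the rule with -Mode Enforce.
New-SlinkRule -Action Quarantine -Mode Audit
```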