Forum Discussion
ATP not scanning Subject Line for Hyperlinks
Hi Paul,
I agree, there could be another layer of protection, but the lack of re-write in the URL makes me cautious.
I did want to try linking to a malicious payload, but unfortunately I am not in a position to do that in a production network.
If I get the time I may try this over the next week.
My concern is that people will buy ATP as an "Out of the box" security solution and just expect it will protect them from all incoming links.
Thank you for your advice and following this up.
Well we expect Safe Links to rewrite URLs so they can be checked at the time of click. So that should be happening whether the URL is known (by us) to be safe or not.
I am told by a member of the product group that they are aware of this issue and are actively working on it.
To me it looks like safelink gets bypassed a lot even if the link is in the content of the mail.
Some domains are automatically bypassed based on Microsoft's own intel, last I checked.
Is the clickable link scanned?
So when you reply to yourself and the link appears to be clickable, is it scanned then?
Have you tried with a proper malicious link?
Hi Mattias,
it appears the clickable link in the subject line is not scanned or re-directed to *.safelinks.protection.outlook.com at any point.
I have been unable to use a "real" malicious link. Although I suppose linking directly to eicar would be pretty safe.
Paul
