Forum Discussion

Paul Broadbent's avatar
Paul Broadbent
Copper Contributor
Jul 09, 2018

ATP not scanning Subject Line for Hyperlinks

Hi   I recently reported an issue with the Office 365 ATP not scanning subject lines (or re-writing the URL). I reported this to MSRC, and they acknowledged the report, however they responded that...
Office365 ATP Outlook
Paul Cunningham's avatar
Paul Cunningham
Steel Contributor
Jul 09, 2018

Well we expect Safe Links to rewrite URLs so they can be checked at the time of click. So that should be happening whether the URL is known (by us) to be safe or not.

Paul Cunningham's avatar
Paul Cunningham
Steel Contributor
Jul 11, 2018

I am told by a member of the product group that they are aware of this issue and are actively working on it.

  • Fredrik Jonsson's avatar
    Fredrik Jonsson
    Copper Contributor
    Oct 23, 2018

    To me it looks like safelink gets bypassed a lot even if the link is in the content of the mail.

    • Paul Cunningham's avatar
      Paul Cunningham
      Steel Contributor
      Nov 15, 2018

      Some domains are automatically bypassed based on Microsoft's own intel, last I checked.

      • Deleted's avatar
        Deleted
        Nov 20, 2018

        Paul Cunningham miss your articles on practical365. Nice to see you responding threads..

  • Mattias Borg's avatar
    Mattias Borg
    Brass Contributor
    Aug 06, 2018

    Is the clickable link scanned?

    So when you reply to yourself and the link appears to be clickable, is it scanned then?

    Have you tried with a proper malicious link?

     

     

    • Paul Broadbent's avatar
      Paul Broadbent
      Copper Contributor
      Aug 06, 2018

      Hi Mattias,

       

      it appears the clickable link in the subject line is not scanned or re-directed to *.safelinks.protection.outlook.com at any point.

       

      I have been unable to use a "real" malicious link. Although I suppose linking directly to eicar would be pretty safe.

       

      Paul