How to extract domain of the original link from a SafeLink

To get the real domain out of a Microsoft SafeLink, you’ll need to unwrap the link first before sending it to your domain parser. SafeLinks always include the original URL inside a query parameter like url= or destination=, so the trick is to detect those parameters, decode them (sometimes more than once), and then work with the clean URL. In C#, you can check if the link’s host matches a SafeLink domain (like safelinks.protection.outlook.com or safelink.emails.azure.net), pull the original value from the query string, URL-decode it, and repeat until you get a normal http or https link. Once you’ve unwrapped it, you can safely pass that to Nager.PublicSuffix to extract the real domain. This way, you don’t rely on guessing patterns, just consistently look for the embedded original link, decode it, and you’ll always end up with the correct domain.

------------------------------------
Don't forget to mark as solution if my answer suits you