Forum Discussion
How to extract domain of the original link from a SafeLink
I'm trying to extract the original domain from the links that are warped by Microsoft SafeLinks I use the Nager.publicsuffix library in C# to parse domains, but with SafeLink's it only returns the SafeLink domain instead of the real one
Example:
https://ind01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fstspg.io%2Fn504fyn3g38x...
https://nam.safelink.emails.azure.net/redirect/?destination=https%3A%2F%2Fentra.microsoft.com%2Fdemodomain.cf%23blade...
I've tried writing custom logic for SafeLink pattern, but Microsoft seems to use different formats, so it's not reliable
Question:
What's the best way in C# to reliably detect and unwrap these SafeLink's (or other tracking URLs) so I can extract the original domain before passing it to Nager.PublicSuffix
1 Reply
To get the real domain out of a Microsoft SafeLink, you’ll need to unwrap the link first before sending it to your domain parser. SafeLinks always include the original URL inside a query parameter like url= or destination=, so the trick is to detect those parameters, decode them (sometimes more than once), and then work with the clean URL. In C#, you can check if the link’s host matches a SafeLink domain (like safelinks.protection.outlook.com or safelink.emails.azure.net), pull the original value from the query string, URL-decode it, and repeat until you get a normal http or https link. Once you’ve unwrapped it, you can safely pass that to Nager.PublicSuffix to extract the real domain. This way, you don’t rely on guessing patterns, just consistently look for the embedded original link, decode it, and you’ll always end up with the correct domain.
------------------------------------
Don't forget to mark as solution if my answer suits you
