Forum Discussion
Advanced Threat Protection (ATP) is ruining Outlook.com
About a week ago, I noticed that all URLs were suddenly extremely long/obscure, and beginning with something like: https://nam02.safelinks.protection.outlook.com/?url=
It destroys the URL visibility experience.
I quickly realized that this was an Office 365 (E5) feature called ATP, but I'm not talking about Office 365 here but rather the consumer Outlook.com site.
I need to find out if we're going to be able to disable this, and when.
It's unbelievable that MS just foisted it on us, since it's not even in the vast majority of Office 365 plans! I realize that some people have been seeing it longer than one week.
It is now 2024 but searching does not find any more reasonable discussion on this topic.
Our email is still full of undecipherable URLs when the technology should be helping me, through clarity and transparency, to decide if I should click on the link or not.
Should I click on this or not?
<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcomcastdotcom-mid-prod1-all-t.adobe-campaign.com%2Fr%2F%3Fid%3Dh09b7b698-388c-49e5-b86a-7396bf1a74df%2C2621b9%2C235b4&data=05%7C02%7C%7C70b9799eb23a4d4bfc7b08dd2dcd3c5f%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638717081685827113%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=8ywjv5KN%2BwjdvJuv4fWkd7MOHBS2UYov3SVr3uVoUx4%3D&reserved=0>- In my case, clicking on such a link triggers an action that should actually be triggered by the enclosed link, but this then no longer works because the action was already performed but led to an incorrect result.
I send such links to hundreds of thousands of users every day. Many users complain about the wrong behavior of these links.
Please give me a solution to turn this off. - To add insult to injury, my Office Outlook Inbox still has unread items that I can't get to, as they were received before I disabled this diabolical 'tool'. I was wondering for a few weeks (i) why my mail was and web pages were so slow to open (I had noticed the sly pre-load reference to the safelinks URL, but had disregarded it until my mail became unusable); and (ii) when I was unable to access links in perfectly legimate emails, even after I had forwarded those emails to another (non-MS) email address so that I could follow the links and download important information.
Get this straight Microsoft, I have plenty of paid anti-phishing and virus protection software that has worked fine for over a decade. Your intrusion in this matter is another example of the totally irresponsible engineering and version release policies and procedures that are driving people away from Microsoft - except those of us held to use your products because of constraints such a corporate standards.
I don't believe it's unreasonable of me to ask, no demand, that you remove this albatross immediately and give back my access to my now inaccessible email links. - I agree. As a result of this "feature" links never seem to load for me. Just disable the feature. Unfortunately I still cannot load links from emails already received.
- You were able to disable it...? how?
- OMG, found it!! I'll finally be able to click links again! Ironically, here's a LINK to it: https://outlook.live.com/mail/options/premium/security
You can get there by:
1. Click the stupid diamond thing "premium" on the top, it will open settings in the premium section.
2. Click on the stupid Security subsection
3. Click o the stupid switch under "Advanced" sub-sub-section where there is a very long, evasive text - it's a bunch of crap how they keep you safe, as opposed to Microsoft reading all links that come through your email.
To be honest, I obviously don't really care that the Microsoft robots are collecting my information, otherwise I'd use a proper paid email system... the problem is that they are actually making me go through a portal to get to links and it's making my analysis of phishy links very difficult, I can't just check that the domain is what it should be in a split-second like I could before, not to mention it doesn't work through some proxies and adds a significant delay.
They could at least have the decency to inject a right-click menu with options like "view/copy insecure URL" and "open without protection" or some crap.
I've been trying to get access to SSWUG.ORG for days now. I wanted to watch a live presentation about SQL Server Setup. All my attempts are blocked by a scan that never seems to complete.
Call me paranoid, but MS reads every URL that is sent to me in an e-mail, and through Safe Links now knows every URL on which I actually click? Sounds like a great data mining opportunity to me. They may pass the URL through a screen to check it, but I just don't believe they don't also track the URLs I follow. I can't (easily) copy the URL and paste it into my browser to prevent that because now it passes first through an MS server before directing me to the real URL. Sad.
- Dear paranoid?,
For a few years now Microsoft will occasionally send me an email that has a couple buttons on it that reads
Is this:
SPAM
NOT SPAM
I can see the content, it might be one that was sent to me or not.
If it looks like SPAM and I select that button it loads in the browser of choice and only has a CLOSE button. You then click that and it:
Closes that web page tab
Deletes the email.
It's clearly watching what the link does in that browser page as it loads and it contains its actions.
It was a MS Partner program I was asked to volunteer on years ago and it's an old hotmail account that generates tons of spam [1999 era].
I don't get any feedback, but I guess I'm helping. But it's all automated. Usually a couple a month.
I'm not paranoid until things slooow waaay dooowwnn.
The links we are addressing in THIS post kinda work against a black list database and is mostly automated but can generate metrics on data that can be determined to be suspicious. That probably helps to maintain the black list. I doubt anyone is reading your stuff, (there would need to be alot of bored MS email reading employees) but then again if it's evil you really don't want it functioning on your end.
My concern originally with THIS post was that it slows down browsers and eats up cpu and time.
I chose to turn all of my many MS email accounts off from the routing function in THIS post except that one old hotmail account. I now know MS has that OFF switch on each account as they manage the email servers they are protecting. If you ask them nicely and follow the steps they will turn it off. Then it's up to you to protect yourself.
Cheers
- Still no proper way to disable this BS? That's why I hate Microsoft!
The number of ways MS is crapping on its users are too many to keep track of.
One of the worst was when I joined the Insider Program for Windows 10. I ended up with no OS at all on my computer because it erased my Win8.1 license and as a reward for participating I got an invalid Win10 Pro license. They didn't even hold their end of the deal. And MS themselves said I have myself to blame for using their software. Their words, not mine.
Or what about when they disabled the support for hotmail in Windows Live Mail? Why stop users from using the "in house" mail service?- If this BS was really supposed to help us, why are they letting through all this crap in my inbox. The inbox rules only work intermittently and often they end up in the junk mail folder. And the junk mail with its "approved links" end up in my inbox. Approved links that go straight to spammers and phishing attempts.
No MS. Go back to the drawing board. This is not good enough. At least I could hover the links before to see if htey were scam or not. Today the number of successful scams will rise tenfold. And it will all be due to Microsoft "Security".
They re activate this feature on my account.... AAAAAAAAAAaaaaaaaaaaa T-T
Maybe this time they will not spent 28 days to deactivate it
I'm reading that alot of people are upset about this change and well, yes it is a little harder to easily read the URL, but this is a really good thing people. Microsoft is really attempting to protect its customers, for free, in the same way that other major (Gartner Magic Quadrant) vendors/providers are for a very high cost.
If you'd like a quick and simple URL decoder, I've posted one here that I distributed to my work and posted to the Intranet for staff/employees to use.
Decode Safelinks: Link
Request: One thing I would like if some MS MVP or ATP guru could tell me, what does each of the tokens (Data and Pipes '|' like "02|01|myemail@address.com|cfad9384a1804ef230af08d593f8b95b|0662477dfa0c4556a8f5c3bc62aa0d9c|0|0|636577618830257637") in the parameter string mean. Is this information useful to IT that would enable us to discern more about the URL provided?
You are offering a decoder for links we shouldn't need to decode?
Here's my problem: The URL with "safelinks" in it doesn't tell me anything about the link. Is it a link to an adult site called cuddly kittens or a site featuring pictures of cats? I'll have no clue until I click because the URL has been replaced.
Other vendors that scan emails insert a message informing the reader it was scanned. If a malware is found the email is deleted and the message is replaced with one that states that. No obfuscation of links. Either you get it intact or you don't.
- It may be good if it worked consistently and correctly identified all malicious links, but it misses some so cannot be replied upon - That's why reading the URL is important to us who are complaining.
- See the solution described below by Peter Gorton, provided by Microsoft. Nutshell.....run PSR instructions given below.
Possible solution.....
1. On your keyboard, press “Windows Key” and “R” simultaneously. (Windows key is located on the lower left of your keyboard, in between of the Ctrl and Alt)
2. A pop-up will appear on your screen
3. Type "PSR" without quotation marks and hit enterThis was all I needed to do for the problem to go away.
However, if the problem remains,
4. Click Start and reproduce the issue that you are facing with the Outlook.com on the browser
5. When done, click on stop record and save the log file to your desktop
6. Kindly attach the log file to an email and send it to Outlook Support so they can investigate it for you.Thanks Peter for your contribution.
I want to turn this function off on all computer logons
Peter Gorton UK wrote:
See the solution described below by Peter Gorton, provided by Microsoft. Nutshell.....run PSR instructions given below.There is no link below.
