Sep 12 2016 03:15 PM
Sep 12 2016 03:15 PM
When a safe links policy is applied and users follow a suspect link, users are shown a webpage informing them that the link they are trying to follow is malicious. If the recipient’s safe links policy has been configured to allow the user to go through, that user is given the option to continue to the site.
From the article mentioned above I would expect that an malicious link would be reformatted, and when an end user clicks the link, they would be redirected to a warning site letting them know the content in the link is "Suspect". Today one of our users got an email with a link to a Suspect site, and although in the body of the email the link was reformatted, when clicking on it we go directly to the Suspect site, and not to a warning page letting us know the link is suspect.
Does this mean that the link is not malicious? Should we be redirected to a warning site when clicking on a link formatted like this?
Sep 13 2016 08:25 AMSolution
ALL links are reformatted (using the safe links) -- unless you whitelist them.
There is nothing in the email itself that indicates that the link is good or bad. It is only checked at the time the link is actually clicked.
Since it goes through to website, it just means Microsoft hasnt caught on yet that it is a bad link.
Sep 16 2016 01:54 AM
As Brent said, you are redirected to a warning page only if, at the time when the link was clicked, the URL is considered suspect. If the link is not suspect, then there is no reason to alter the user experience.
Keep in mind that, for a specific link, the behavior might change depending on the point in time when the link was clicked and how it was evaluated by Microsoft at that specific time.
Sep 16 2016 08:45 AM
A way to report that the link should have been marked as suspect would be nice. Anything like that?
Aug 02 2019 10:23 AM
@Robert Woods I've removed the previous official response as it's out of date.
File the item under https://docs.microsoft.com/en-us/office365/securitycompliance/admin-submission and then get feedback there.
If that doesn't solve the issue, feel free to open a support ticket.