Important: Email Protection features depend on your plan. If your account interface and settings differ from the ones described below, upgrade from Email Protection Lite to Email Protection.
URL Protection works by re-writing links in the email during initial email processing, which allows the security of a link to be validated at the moment a user clicks on it. It prevents users from visiting phishing pages or pages that contain malware. To exclude safe links from re-writing, use the Safe URL or Safe Sender functionality.
- Enabling/Disabling URL Protection
- Actions to take when a threat is detected / NOT detected
- Live Scanning
- Safe and Blocked URLs
Note: turning on URL Protection will result in all links being affected. If you need to decode a URL which was already re-written, contact support.
To enable the service, navigate to CONTROL PANEL > Services > Email Protection > Inbound Policy > Default Policy > URL Protection. Check the enable URL Protection box and click Save Changes.
To disable the service, navigate to CONTROL PANEL > Services > Email Protection > Inbound Policy > Default Policy > URL Protection. Uncheck the enable URL Protection box and click Save Changes.
Important: when URL Protection is disabled, URL safe and blocked lists are wiped and cannot be restored.
Note: after disabling URL Protection, links in new emails will not be re-written or scanned. However, links in historical emails will remain re-written and we will still perform basic security checks at the moment of click.
A threat is detected
Once a user clicks on a link, the URL Protection service analyzes it by performing a threat scan. An administrator may choose what action to take when a threat is found: either show a warning but allow access to the website, or Block Access to the website.
With the first option selected, a user will see a corresponding warning, but will still be able to proceed to the website by clicking Open Anyway.
The user will be shown the target website URL and will be able to generate a screenshot of the target website (without accessing it) to make a justified decision before opening the website.
If an administrator decides to block access to the website, the corresponding threat warning will be shown. However, a user will not be able to access the website, see the target website URL or generate a screenshot.
Note: There are three different warning types:
A threat is not detected
Additional settings allow an administrator to choose what action to take when a threat is not found: either automatically open the website or require confirmation before opening the page.
With the first option enabled, the website will be opened immediately and there will be no notification for a user that the webpage is safe.
If confirmation is required, a user will be informed that the website is safe. They will see the target website URL and can generate a screenshot to decide whether to proceed to the website or not.
If scanning fails, users will NOT be able to access the target website and will be asked to try again.
If the link was modified and broken (for example after email forwarding), a user may not be able to open the webpage.
Note: By clicking View Screenshot, a user can view a screenshot of the target website before opening the URL.
Live scanning adds an additional level of protection against zero-day threats and new malicious websites by performing a real-time scan of the URL. Live scanning is used in addition to existing URL reputation checks and requires no additional settings.
A URL reputation check (a scan against the databases of malicious links) is always performed first. If a threat is not found in the databases and Live scanning is enabled, we will perform an additional real-time scan of the link.
Note: If a threat was detected during the database scanning, the Live scanning is not performed.
To enable Live scanning, navigate to CONTROL PANEL > Services > Email Protection > Inbound Policy > Default Policy > URL Protection > Scanning settings > Enable live scanning > Save changes.
During the Live scanning process, end-users will see the following animation:
Note: Live scanning cannot be performed for internal, network-restricted websites. However, the database scanning is always performed, and if no threats are found a user will be able to proceed to the target website without Live scan, although a warning will be shown.
Note: Sometimes Live scanning may result in an automated action being performed on the target site. An example of this is a link that automatically unsubscribes you from a mailing list. The system will detect such cases and show a warning asking to either proceed to the page without Live Scan (the Database scan was already performed at this stage) or Force a Live scan.
URLs that match an entry on the Safe URLs List will always be considered safe and will not be re-written during original email processing. When a user clicks on such a link, they will be redirected to the target website and no threat scanning will be performed.
To add an entry to the Safe URLs list, navigate to CONTROL PANEL > Services > Email Protection > Inbound Policy > Default Policy > URL Protection > Safe URLs.
URLs that match an entry on the Blocked URLs List will always be considered unsafe and users will be blocked from accessing the target website. When a user clicks on such a link, they will see a warning page with no option to open the website.
To add an entry to the Blocked URLs list, navigate to CONTROL PANEL > Services > Email Protection > Inbound Policy > Default Policy > URL Protection > Blocked URLs.
Note: you must enter the actual URL address. Wildcards are supported. Examples:
Example: if 'mydomain.com' is added to the safe URL list, the link 'mydomain.com/home/users' will also be considered safe. However, it will NOT match 'support.mydomain.com'. To white-list sub-domains, enter '*.mydomain.com'.
Note: If a URL is added to both the Safe and Blocked URLs lists, the URL will be considered safe.
Note: If the message contains more than 1000 URLs, including mailto: addresses, it gets automatically routed to Admin Quarantine regardless of account settings. The email tracking will show the following error code: URL Rewrite Limit. The limit of 1000 URLs cannot be changed. As a workaround, you may add the sender's address to the Email Protection Safe list.
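The matching rules and scan order described above, modeled as an added example for auditing list entries before saving them (this is not the service's own code). The function names are hypothetical, and two behaviors are assumptions the page does not state: an entry with a path is treated as a path prefix, and '*.mydomain.com' does not match the bare 'mydomain.com'.

```python
from fnmatch import fnmatchcase

def split_url(value):
    """Return (host, path) for a URL or list entry; scheme and port are ignored."""
    rest = value.strip().split("://", 1)[-1]
    host, _, path = rest.partition("/")
    return host.split(":", 1)[0].lower(), "/" + path

def entry_matches(entry, url):
    """'mydomain.com' covers every path on that host but no sub-domain;
    '*.mydomain.com' covers sub-domains. Path-prefix matching is an assumption."""
    e_host, e_path = split_url(entry)
    u_host, u_path = split_url(url)
    return fnmatchcase(u_host, e_host) and u_path.startswith(e_path)

def click_verdict(url, safe, blocked, db_lookup, live_scan=None):
    """Documented order: Safe list, Blocked list, database scan, then Live scan.
    db_lookup and live_scan are stand-in callables returning True on a threat."""
    if any(entry_matches(e, url) for e in safe):
        return "safe-list"      # not re-written, never scanned; wins over Blocked
    if any(entry_matches(e, url) for e in blocked):
        return "blocked-list"   # warning page, no option to open
    if db_lookup(url):
        return "threat"         # Live scanning is skipped after a database hit
    if live_scan is not None and live_scan(url):
        return "threat"
    return "no-threat"

def shadowed_blocks(safe, blocked):
    """Blocked entries that a Safe entry silently overrides."""
    return [b for b in blocked if any(entry_matches(s, b) for s in safe)]

if __name__ == "__main__":
    # Constructed sample lists, not taken from any real policy.
    safe = ["mydomain.com", "*.example.net"]
    blocked = ["login.example.net/reset", "other.test"]
    print(shadowed_blocks(safe, blocked))
    print(click_verdict("https://support.mydomain.com/", safe, blocked,
                        db_lookup=lambda u: False))
```

Any entry returned by shadowed_blocks is a Blocked URL that has no effect, because the Safe list takes precedence and Safe URLs bypass both re-writing and scanning.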
To do this, navigate to Services > Email Protection > Inbound Policy > Default Policy > Safe Senders.
Type the sender's address into the Add safe senders field and click Add. The sender will be automatically added to the list with Spam and Marketing checks to bypass. Click the Manage button to the right of the added Safe sender and then check the URL Protection box. Click Save changes.