Which corporate filter appliances or software follow links in emails?
Summary
What email marketers say13Marketer opinions
Email marketer from Reddit mentions that several email security solutions like Proofpoint, Mimecast, and Microsoft Defender ATP (Safe Links) actively scan and follow links in emails.
Marketer from Email Geeks explains that Microsoft will follow links depending on the admin's settings using Safe Links.
Marketer from Email Geeks shares that Barracuda often follows links in emails.
Email marketer from Spiceworks Community mentions that Avanan also checks links.
Email marketer from StackExchange explains that to detect malicious links, systems utilize URL rewriting and destination analysis using a sandbox or link-following approach.
Email marketer from Reddit details that many email security systems use sandboxing or link following in a virtual environment to assess the legitimacy of a link.
Email marketer from Spiceworks Community shares that Barracuda Link Protection will follow links in emails to check for malicious content.
Email marketer from Reddit states that solutions like Avanan, Proofpoint, Mimecast, Barracuda, and Microsoft ATP scan URLs in emails for malicious content.
Email marketer from Spiceworks Community says that Proofpoint is very aggressive and clicks every link in every email.
Email marketer from TechTarget explains that email security gateways often include features that scan and analyze URLs in emails, including following the links to check for malicious content before delivery to the user.
Email marketer from Experts Exchange mentions that common appliances such as Cisco Email Security Appliance, Proofpoint, and Mimecast can be configured to follow links.
Email marketer from Reddit notes that URL rewriting is a common technique used by security appliances where the original URL is replaced with a URL from the security vendor which is then checked before redirecting the user to the original site.
Marketer from Email Geeks shares that Barracuda and Microsoft are the most frequent to check links in emails. Mentions also seeing Mimecast do it. They also note an unidentified entity clicking emails sent to educational addresses.
What the experts say6Expert opinions
Expert from Email Geeks shares that Proofpoint follows links and rewrites URLs. Also names Microsoft, Mimecast, and Barracuda as well. They believe Symantec has this feature as well.
Expert from Email Geeks explains that all providers have the *ability* to follow links, but they have different thresholds for when to do it because it's expensive in terms of resources and time.
Expert from Word to the Wise discusses the challenges and nuances of link clicking by security systems, emphasizing that it's difficult to determine definitively what is clicking a link. Factors such as timing, location, and user agent can offer clues, but attributing clicks is complex.
Expert from Email Geeks shares that Barracuda is one of the more aggressive (and easier to identify) link following providers.
Expert from Email Geeks suggests Cisco may also follow links. States most providers do link inspection on some level but limit it due to expense, applying it more to borderline emails.
Expert from Spam Resource mentions Proofpoint URL Defense as a solution that rewrites URLs in email messages. This rewrite allows Proofpoint to analyze the links when clicked, directing users through Proofpoint's servers before redirecting to the actual destination. If the link is deemed malicious during the analysis, access can be blocked. This effectively confirms Proofpoint's system follows links.
What the documentation says5Technical articles
Documentation from Forcepoint describes how Forcepoint Email Security can analyze URLs in emails and follow links to check for malicious content.
Documentation from Cisco explains that the Cisco Email Security Appliance can be configured to perform URL analysis and rewrite URLs for protection against malicious websites.
Documentation from Proofpoint explains that TAP URL Defense rewrites URLs, analyzes them in a sandbox environment, and blocks access to malicious URLs.
Documentation from Mimecast explains that URL Protect rewrites URLs and scans them at the time of click to protect users from malicious websites.
Documentation from Microsoft Learn explains that Safe Links in Microsoft Defender for Office 365 proactively protects users from malicious URLs in email messages by providing time-of-click verification of web addresses.