Attackers exploit URL protection services to hide phishing links in emails

When a user clicks the rewritten link, the server checks whether it points to a known phishing or malware website and, based on the result, either blocks access or redirects the request to the original destination. The advantage is that if a website is flagged as dangerous later, all rewritten links pointing to it stop working, which protects all users.

However, how well this method works in practice is debatable, and it has disadvantages as well. First, it breaks private email signatures, because the secure email gateway modifies the original email when it changes the link. Second, the rewritten links obscure the actual destinations, which in some cases would look suspicious on sight.

For example, Microsoft offers this feature to Office 365 users under the name Safe Links: links in incoming emails and in messages in services such as Outlook and Groups are rewritten to na01.safelinks.protection.outlook.com/?url=[original_URL]. Security companies have previously criticized the feature for not performing dynamic scans, and because it is easy to bypass by redirecting traffic based on IP (Microsoft's publicly known IP addresses) or by using open redirect URLs from legitimate and trusted domains.
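Because a rewritten link hides its destination, a reviewer triaging a reported email needs to unwrap it before judging it. The following is an added example, not Microsoft's code or part of the original article: it assumes only the `?url=` format quoted above, and the function names, the depth cap and the sample URLs are constructed for illustration.

```python
from urllib.parse import parse_qs, quote, urlsplit

# Host suffix taken from the rewritten-link format quoted in the article.
SAFELINKS_SUFFIX = ".safelinks.protection.outlook.com"
MAX_DEPTH = 5  # assumption: cap on nested rewrites


def _split(url):
    # The article shows the format without a scheme; parse that form too.
    if "://" not in url.split("?", 1)[0]:
        url = "//" + url
    return urlsplit(url)


def is_safelink(url):
    """True only when the host itself is under the Safe Links domain."""
    host = (_split(url).hostname or "").lower()
    return host.endswith(SAFELINKS_SUFFIX)


def unwrap(url):
    """Return the destination hidden in a rewritten link.

    Nested rewrites are peeled layer by layer. Anything that is not a
    Safe Links URL, or lacks a url= parameter, comes back unchanged.
    """
    for _ in range(MAX_DEPTH):
        if not is_safelink(url):
            break
        inner = parse_qs(_split(url).query).get("url")
        if not inner:
            break
        url = inner[0]  # parse_qs already percent-decoded one layer
    return url


def destination_host(url):
    """Host a reviewer should judge, after unwrapping."""
    return (_split(unwrap(url)).hostname or "").lower()


# Constructed samples (example.test is a reserved test domain).
PREFIX = "https://na01.safelinks.protection.outlook.com/?url="
WRAPPED = PREFIX + quote("https://login.example.test/reset?id=42", safe="")
TWICE = PREFIX + quote(WRAPPED, safe="")
LOOKALIKE = "https://na01.safelinks.protection.outlook.com.example.test/?url=x"

if __name__ == "__main__":
    for sample in (WRAPPED, TWICE, LOOKALIKE):
        print(destination_host(sample), "<-", sample)
```

The lookalike sample is left unwrapped on purpose: its host only contains the Safe Links name, so it is judged by its real host.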

