The Safelinks protection system was introduced by Microsoft as an optional additional security feature of Outlook.
It works by checking and then replacing any links in received emails with a custom link to a Microsoft server, which confirms the validity of the original link before any user clicks through to it.
This system has come in for a lot of criticism and Microsoft has made a number of changes as a result – and continues to improve the service.
In principle, it’s a great idea as Microsoft will check all links in emails to ensure your users don’t accidentally click on a phishing or scam email link.
However, there are some serious problems:
- If switched on, it will replace all links in incoming emails. If a user hovers their cursor over a link, they will see only a Microsoft link and not the original, so the user has no way of knowing where the link leads. Some scammers have even started to duplicate the look of a Microsoft Safelinks link format to fool users.
- For survey platforms (like SightMill) it proves a real challenge, because the Microsoft servers automatically check each link by sending a request to it to establish that it's not spam. The survey platform sees this automated probe as a response to the survey, which produces invalid responses that are actually generated by automated Microsoft server tests. (If you see a large number of responses come back within seconds of sending a survey, your recipients are likely to be using Safelinks and you are actually seeing invalid responses generated by Microsoft Safelinks tests.)
If you have experienced any changes to the response rates or random results to surveys, check with your tech team to see if Safelinks has been introduced recently. Please get in touch – we can help work with this platform whilst Microsoft continues to improve its technology to avoid invalid survey responses.
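The timing pattern described above (many responses arriving within seconds of sending) can be turned into a filter over your own send and response records. The Python below is an added example, not SightMill code; the record layout, the thresholds and the sample addresses are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Assumed thresholds, not from the article: tune them to your own traffic.
PROBE_WINDOW_SECONDS = 10   # "within seconds of sending"
MIN_FAST_RECIPIENTS = 3     # "a large number" at one recipient domain
MIN_FAST_SHARE = 0.8        # share of that domain's recipients answering fast

def domain_of(address):
    return address.rsplit("@", 1)[-1].lower()

def flag_probe_responses(sends, responses):
    """sends: {recipient: ISO send time}; responses: [(recipient, ISO time)]."""
    sent_to = defaultdict(set)   # domain -> recipients mailed
    fast = defaultdict(list)     # domain -> responses inside the window
    for recipient in sends:
        sent_to[domain_of(recipient)].add(recipient)
    for recipient, answered_at in responses:
        if recipient not in sends:
            continue  # no send record, so the latency cannot be measured
        latency = (datetime.fromisoformat(answered_at)
                   - datetime.fromisoformat(sends[recipient])).total_seconds()
        if 0 <= latency <= PROBE_WINDOW_SECONDS:
            fast[domain_of(recipient)].append((recipient, answered_at))
    suspects, domains = [], []
    for domain, hits in fast.items():
        fast_recipients = {recipient for recipient, _ in hits}
        share = len(fast_recipients) / len(sent_to[domain])
        if len(fast_recipients) >= MIN_FAST_RECIPIENTS and share >= MIN_FAST_SHARE:
            domains.append(domain)   # burst across the domain: likely link scanning
            suspects.extend(hits)    # these responses should be excluded
    return sorted(suspects), sorted(domains)

# Constructed sample data (not real survey traffic).
SENDS = {
    "ann@corp.example": "2024-03-01T09:00:00",
    "ben@corp.example": "2024-03-01T09:00:00",
    "cat@corp.example": "2024-03-01T09:00:01",
    "dan@other.example": "2024-03-01T09:00:01",
}
RESPONSES = [
    ("ann@corp.example", "2024-03-01T09:00:03"),   # seconds after send
    ("ben@corp.example", "2024-03-01T09:00:04"),
    ("cat@corp.example", "2024-03-01T09:00:04"),
    ("ann@corp.example", "2024-03-01T10:12:40"),   # later, human-paced answer
    ("dan@other.example", "2024-03-01T09:00:06"),  # lone fast reply: not a burst
]

print(flag_probe_responses(SENDS, RESPONSES))
```

Only responses from domains that show a burst are flagged, so a single quick reply from one person is left in the results.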
If you are sending surveys internally (e.g. employee surveys), you can manage the setup and resolve this issue by creating a rule in ATP (the Microsoft software that manages the Safelinks feature) as follows:
Create a Safelinks/ATP Link Bypass Rule
How to set up a rule to manage email flow so that it bypasses ATP/Safelinks link processing:
- Create a new mail flow rule in your Exchange/Office Admin center.
- Name the rule, for example, Bypass ATP Links.
- Click more options.
- From the Apply this rule if… drop-down menu, select Senders IP address is in the range…
- Enter the SightMill IP address (134.213.249.144)
- From the Do the following… drop-down menu, select Set the message header… to this value:
  - Set the message header to: X-MS-Exchange-Organization-SkipSafeLinksProcessing
  - Set the value to: 1
- Save your new rule.