I'm conducting a test to see if the URL rewrite issue is better, for me anyway. Please ignore. Test = http://postfix.1071664.n5.nabble.com/new-strangeness-with-O365-td96344.html
Should be http:// postfix.1071664.n5.nabble.com /new-strangeness-with-O365-td96344.html -ANGELO FAZZINA ITS Service Manager: Spam and Virus Prevention Mass Mailing G Suite/Gmail ang...@uconn.edu University of Connecticut, ITS, SSG, Server Systems 860-486-9075 -----Original Message----- From: owner-postfix-us...@postfix.org <owner-postfix-us...@postfix.org> On Behalf Of Mike Guelfi Sent: Thursday, May 17, 2018 8:12 PM To: postfix-users@postfix.org Subject: Re: new strangeness with O365 [OT] Quoting Daniele Nicolodi <dani...@grinta.net>: > On 5/17/18 3:59 PM, Mike Guelfi wrote: >> Quoting Noel Jones <njo...@megan.vbhcs.org>: >>> It seems counterproductive to rewrite a plain-text link... I don't >>> know it there's a setting in the O365 controls to avoid mangling >>> plain text, so you may have to live with it. >>> >>> >>> >>> -- Noel Jones >> >> The worst of it is, MS are inserting themselves in the transaction so >> they get to track which links you click in emails. >> >> There's a good security reason to do so > > What MS does is to "check" (whatever that entails) the URL and then > respond to the HTTP client with a redirect. I can envision a very simple > mechanism for which the response served to the MS robot that verify the > URL is different from the one served to other clients. > > Can you please elaborate on what are the "good security reasons" for > which that is a good idea and not simply a form of user tracking? > > Thanks. Cheers, > Dan It's at least a reputation service, which means that if they notice it go bad after they've already sent you the email, they can still block it when you attempt to click through on their server. They might be expending some actual effort like sandboxing to inform their reputation server, or user reporting, etc. But either way it's better from a service delivery perspective to allow the email before the testing is complete and hope you click the link afterwards. They have no warranty on the service anyway so no downside to them. That said; I have still asked them to turn it off. I got a 1st level human to acknowledge it's been escalated, but nothing else so far. I think this thread is starting to be wildly OT though... -- Mike.
