Educause Security Discussion mailing list archives

Re: URL re-writing in emails

From: "Bole, Jim A" <jbole () ALBANY EDU>
Date: Wed, 20 Jan 2021 19:27:49 +0000

I’ve started shifting the education/training focus away from looking at the links themselves. Even legitimate links for 
GoogleDrive, OneDirive, etc. are difficult to determine if they are legit or not.

I’ve tried focusing mostly on context, which requires more common sense than technical expertise. Are you expecting an 
email from Wells Fargo? Do you have an account with Amazon? On the “technical” side, I ask people to look at the 
sender, especially how to differentiate between the display name and the actual smtp address.

Jim Bole
Chief Information Security Officer
University at Albany



From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Walter Roshon 
<walt.e.roshon () WILMU EDU>
Date: Wednesday, January 20, 2021 at 2:19 PM
To: SECURITY () LISTSERV EDUCAUSE EDU <SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] URL re-writing in emails
We've found URL Rewrite causes problems of its own. As you mentioned,  it breaks one of the best ways of checking on 
the validity of a URL in an email. "We had been teaching folks to hover over URLs to determine the destination before 
clicking links. With re-writing, all links are changed for external sites so that advice is no longer reliable." and it 
makes us totally reliant on Proofpoint catching the bad URL, which I've observed to be unreliable. Sounds good in the 
Demo, but not so good in practice. I'd rather go without it so users can check and let Bitdefender catch the Phishing 
URLs on the client workstation. It excels at stopping users from following malicious URLs, but that's not my call.

Walt R
Wilmington University

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Current thread:

URL re-writing in emails Ravi Kotecha (Jan 19)
- Re: [EXTERNAL] [SECURITY] URL re-writing in emails Jason Edelstein (Jan 19)
- Re: URL re-writing in emails Brian Epstein (Jan 21)
  - DNS checking Nathan Phillips (Jan 21)
    - Re: DNS checking Menne, Michael S (Jan 21)
- <Possible follow-ups>
- Re: URL re-writing in emails Walter Roshon (Jan 20)
  - Re: URL re-writing in emails Bole, Jim A (Jan 20)
    - Re: URL re-writing in emails Beth Albertson (Jan 20)