Important: Email Protection features depends on your plan. If your account interface and settings differ from the ones described below, upgrade from Email Protection Lite to Email Protection.

LinkSafe™ works by re-writing links in the email during initial email processing, which allows to validate the link security at the moment when a user clicks on a link. It prevents users from visiting phishing pages or pages that contain malware. To exclude safe links from re-writing you could use Safe URL functionality or Safe Sender functionality.

Enabling/Disabling LinkSafe™

Note: turning on LinkSafe™ will result in all links being affected. If you need to decode a URL which was already re-written, contact support.

To enable the service, navigate to HostPilot® Control Panel > Services > Email Protection > Inbound Policy > Default Policy > LinkSafe™. Check the box enable LinkSafe™ and click Save Changes.

enable

To disable the service, navigate to HostPilot > Services > Email Protection > Inbound Policy > Default Policy > LinkSafe™. Uncheck the box enable LinkSafe™ and click Save Changes.

disable

Important: when LinkSafe™ is disabled, URL safe and blocked lists are wiped and cannot be restored.

Note: after disabling LinkSafe™, links in new emails will not be re-written or scanned. However, links in historical emails will remain re-written and we will still perform basic security checks at the moment of click.

Actions to take when a threat is detected / NOT detected

A threat is detected

Once a user clicks on a link, the LinkSafe™ service analyzes it by performing a threat scanning. An administrator may choose, what action to take when a threat is found: either show a warning but allow access to the website or Block Access to the website.

threat_found

With the first option selected, a user will see a corresponding warning, but still will be able to proceed to the website by clicking Open Anyway.

User will be shown the target website URL and will be able to generate a screenshot of the target website (without accessing it) to make a justified decision before opening the website.

phishing_allowed

If an administrator decides to block access to the website, the corresponding threat warning will be shown. However, a user will not be able to access the website, see the target website URL or generate a screenshot.

malware_blocked

Note: There are three different warnings types:
Phishing

phishing

Malware

malware

Harmful Programs

harmful

A threat is not detected

Additional settings allow an administrator to choose what action to take when a threat is not found: either automatically open the website or require confirmation before opening the page.

cp_threat_not_found

With the first option enabled, the website will be opened immediately and there will be no notification for a user that the webpage is safe.

If confirmation is required, a user will be informed that the website is safe, they will see the target website URL and can generate a screenshot to decide, whether to proceed to the website or not.

no_threats

In case scanning fails - users will NOT be able to access the target website and will be asked to try again.

unavailable

If the link was modified and broken (for example after email forwarding), a user may not be able to open the webpage.

page_not_found

Note: By clicking View Screenshot a user can view the screenshot of the target website, before opening the URL.

screenshots

Live Scanning

Live scanning adds an additional level of protection against the zero-day threats and new malicious websites and allows to perform a real-time scanning of the URL. Live scanning is used in addition to existing URL reputation checks and requires no additional settings.

A URL reputation check - a scan against the databases of malicious links - is always performed first. If a threat is not found in the Databases and Live scanning is enabled, we will perform an additional real-time scanning on the link.

Note: If a threat was detected during the database scanning, the Live scanning is not performed.

To enable Live scanning, navigate to HostPilot > Services > Email Protection > Inbound Policy > Default Policy > LinkSafe™ > Scanning settings > Enable live scanning > Save changes.

live_enabled

During the Live scanning process, end-users will see the following animation:

Phishing

sc_phishing

Malware

sc_malware

Harmful Programs

sc_harmful

Note: Live scanning cannot be performed for internal, network restricted websites, however the database scanning is always performed and if no threats are found a user will have the ability to proceed to the target website without Live scan, although a warning will be shown.

sc_unsuccessful

Note: Sometimes Live scanning may result in an automated action being performed on the target site. An example of this is a link that automatically unsubscribes you from a mailing list. The system will detect such cases and show a warning asking to either proceed to the page without Live Scan (Database scan was already performed at this stage) or - Force a Live scan.

not_attempted

Safe and Blocked URLs

The URLs that match an entry on the Safe URLs List will be always considered safe and will not be re-written during original email processing. When a user clicks on such link – they will be redirected to the target website and no threat scanning will be performed.

To add an entry to the Safe URL's list, navigate to HostPilot > Services > Email Protection > Inbound Policy > Default Policy > LinkSafe™ > Safe URLs.

The URLs that match an entry on the Blocked URLs List will be always considered unsafe and users will be blocked from accessing the target website. When a user clicks on such link - they will see a warning page with no option to open the website.

access_blocked

To add an entry to the Blocked URLs list, navigate to HostPilot > Services > Email Protection > Inbound Policy > Default Policy > LinkSafe™ > Blocked URLs.

Note: you must enter the actual URL address. Wildcards are supported. Examples:

  • https://www.mydomain.com
  • http://www.mydomain.com
  • www.mydomain.com
  • *.mydomain.com
  • *mydomain.com
  • http://10.240.128.12

Example: if ‘mydomain.com’ is added to the safe URL list, the link ‘mydomain.com\home\users’ will also be considered safe. However, it will NOT match 'support.mydomain.com'. To white-list sub-domains - enter '*.mydomain.com'.

Note: If a URL is added to both Safe and Blocked URLs list, the URL will be considered safe.

Note: If the message contains more than 1000 URLs, including mailto: addresses, it gets automatically routed to Admin Quarantine regardless of account settings. The email tracking will show the following error code: URL Rewrite Limit. The limit or 1000 URLs cannot be changed. As a workaround, you may add the sender's address to the Email Protection Safe list.

To do this, navigate to Services > Email Protection > Inbound Policy > Default Policy > Safe Senders. 
Type the sender's address to the Add safe senders field and click Add. The sender will be automatically added to the list with Spam and Marketing checks to bypass. Click Manage button on the right to the added Safe sender and then check URL Protection box. Click Save changes.

rewrite_limit