Description
Somewhere between March 27th and March 29th 2021 it appears Microsoft / Office 365 has marked the mailspring domain as malicious, aka Link Tracking now causes emails to be marked malicious by any recipients using Office 365 with ATP/Safe Links (most organizations on O365), and looks very bad to the recipients + makes sending any links basically broken/blocked (including ones in signature) unless you disable link tracking.
When sending any email with link tracking enabled in Mailspring, the links get rewritten to the mailspring link domain - when the recipient email server is on Office 365 with ATP, the URL is then rewritten to pass through O365’s Safe Link domain. When the recipient clicks the link, they’re taken to an O365 page with a giant red warning saying:
This website has been classified as malicious.
Opening this website might not be safe.
https://link.getmailspring.com/link/xxxxxxxxxxxxx
We recommend that you don’t open this website, as opening it might not be safe and could harm your computer or result in malicious use of your personal data.
For Feedback on Microsoft Defender for Office 365
It usually won’t allow you to click through at all, but for our Office 365 ATP we’ve changed the settings to allow bypassing/continuing to the URL if they click through multiple warnings.
To Reproduce…
Steps to reproduce the behavior:
- Send an email via Mailspring with link tracking enabled and include a link, to anyone on Office 365 with ATP/Safe Links
- (on recipient side, click the link and see the warning/block)
Expected Behavior
Be able to use premium features (like link tracking) without being blocked/flagged as malicious by Microsoft
Setup
(Not dependent on version/environment - applies to all as recipient server-based)
- OS and Version: Arch Linux x64 KDE
- Installation Method: Arch AUR
- Mailspring Version: 1.8.0-8983dca2
- Office 365 Email Provider (Recipient side) with Microsoft Defender/ATP Safe Links
Additional Context
The link sent was simply a link to our own domain with a video (nothing special), links we send constantly company-wide as basically like our internal dropbox. I send these almost every day and never had issues until Monday March 29.
Occurred with 2 different organizations using Office 365 (everyone I sent to on Monday reported the links being malicious, including internally/our own email system). Looks like a blanket block on the base mailspring link domain from what I can tell, since no matter what link I send the same occurs.
The entire link domain being marked malicious by Microsoft is likely to have many other major+negative impacts as it’s likely to be merged into Edge/Windows + Microsoft Defender (if not already as O365 ATP is Microsoft Defender), not to mention emails getting blocked/flagged/rejected.
Side note - had a hell of a time getting this posted lol, kept saying new users can only post 2 links even though I only had the one and modified the others, not sure what’s up but hopefully one of these will go through!
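An added triage example, not part of the original report and not Mailspring or Microsoft code: it peels the Safe Links wrapper off user-reported URLs and tallies the host that actually receives the verdict, which shows whether unrelated reports all collapse onto one tracking domain as described above. The `nam02` region prefix, the `data`/`sdata` values, the link ids and `files.example.com` are constructed sample values.

```python
from collections import Counter
from urllib.parse import parse_qs, quote, urlsplit

SAFELINKS_SUFFIX = ".safelinks.protection.outlook.com"


def unwrap_safelinks(url, max_depth=5):
    """Return the URL chain, outermost first, peeling nested Safe Links wrappers."""
    chain = [url]
    for _ in range(max_depth):
        parts = urlsplit(chain[-1])
        host = (parts.hostname or "").lower()
        if not host.endswith(SAFELINKS_SUFFIX):
            break  # not a wrapper (or lookalike host): stop here
        inner = parse_qs(parts.query).get("url")
        if not inner:
            break  # wrapper without a url= parameter: nothing to peel
        chain.append(inner[0])  # parse_qs has already percent-decoded it
    return chain


def evaluated_host(url):
    """Host of the innermost URL, i.e. the one the reputation verdict applies to."""
    return (urlsplit(unwrap_safelinks(url)[-1]).hostname or "").lower()


def hosts_behind_reports(urls):
    """Count reports per evaluated host; one dominant host suggests a domain-wide block."""
    return Counter(evaluated_host(u) for u in urls)


def _wrap(inner):
    # Builds a constructed Safe Links style URL for the sample data below.
    return ("https://nam02.safelinks.protection.outlook.com/?url="
            + quote(inner, safe="") + "&data=constructed&sdata=constructed&reserved=0")


# Constructed reports: three tracked links to different content, one untracked link.
REPORTED = [
    _wrap("https://link.getmailspring.com/link/constructed-id-1"),
    _wrap("https://link.getmailspring.com/link/constructed-id-2"),
    _wrap(_wrap("https://link.getmailspring.com/link/constructed-id-3")),  # double-wrapped
    "https://files.example.com/video.mp4",
]

if __name__ == "__main__":
    for host, count in hosts_behind_reports(REPORTED).most_common():
        print(f"{count:2d}  {host}")
```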