Should you activate Microsoft SafeLinks?

Owen Wilson, an IT system administrator, wrote a great blog post about SafeLinks and how this tool can be more of an annoyance than anything else to end-users and IT administrators.

The biggest mistake software companies make when it comes to security is assuming that users cannot be trusted and that AI/automation needs to make calls on their behalf when it comes to suspicious emails.

One experience that is very relatable is with our corporate mail provider, Zoho. Zoho Mail is a very good solution for mail hosting, and cost-effective too. The platform embeds exhaustive mail security features and gives the IT administrator the capability to configure a quarantine for emails received from poorly configured email gateways (usually SPF, DKIM, or DMARC issues).

The problem with email security solutions

My small company receives 1-2 emails that get stuck in quarantine every single day. 50% of these emails are legit emails coming from customers or vendors that do not have the expertise or the knowledge to configure email systems properly. These emails need to get released manually from quarantine. The IT admin has to review the email himself and assess whether it is malicious or not. This causes a confidentiality concern as the email content could be very sensitive.

The thing is, some of these emails stuck in quarantine can come from customers with urgent requirements, and failure to go through them quickly could mean revenue losses for the company. These emails, which are absolutely legit, are flagged by email security systems for good reason. But they are still held in quarantine, which impacts the business.

What happens if we decide to disable quarantines and let all emails flow to the customer mailbox? Without any further action, you can be sure that some users may get infected very quickly. But with proper training and tools, these same users are perfectly capable of making the right decision and handling emails better than any machine. Why? Because they know their environment better than anyone else: they know how this particular customer writes emails or what kind of attachment this vendor is supposed to send. We need to trust users to make the right choice. And we need to help them make the right choice.

Microsoft SafeLinks prevents users from learning

SafeLinks is another feature that wants to make decisions on behalf of users. SafeLinks thinks it knows better. It doesn’t! The way SafeLinks works is that it rewrites all URLs with a prefix before they land in your mailbox. If you ever click on a link that is suspicious, SafeLinks will redirect you to a warning page.

The problem with SafeLinks is that it makes all links very cryptic and hard for end-users to decipher. The first thing that an educated user would do when receiving a suspicious email is to hover over the hyperlink to find out what the destination address is. How are we supposed to do that with SafeLinks? It is completely obfuscated. The only thing we can do is trust the machine to make the right call.
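A rewritten link can still be read back by a user-triggered check. The sketch below is an added example, not code from the original post or from TokaiMail; it assumes the wrapper keeps the original address percent-encoded in a `url` query parameter on a `*.safelinks.protection.outlook.com` host, and the sample link and its `data`/`sdata` values are constructed placeholders.

```python
from urllib.parse import urlsplit, parse_qs

# Assumption: Safe Links wrappers are served from this domain suffix and carry
# the original destination, percent-encoded, in the "url" query parameter.
SAFELINKS_SUFFIX = ".safelinks.protection.outlook.com"
MAX_DEPTH = 5  # a link can be wrapped more than once when mail is forwarded


def is_safelinks(url: str) -> bool:
    """True only if the hostname itself ends with the Safe Links suffix."""
    host = (urlsplit(url).hostname or "").lower()
    return host.endswith(SAFELINKS_SUFFIX)


def unwrap(url: str) -> str:
    """Return the original destination of a (possibly nested) wrapped link."""
    for _ in range(MAX_DEPTH):
        if not is_safelinks(url):
            return url
        inner = parse_qs(urlsplit(url).query).get("url")
        if not inner:
            raise ValueError("Safe Links wrapper without a 'url' parameter")
        url = inner[0]  # parse_qs has already percent-decoded the value
    raise ValueError("too many nested wrappers")


def destination_host(url: str) -> str:
    """Hostname the reader would actually reach, for display next to the link."""
    return (urlsplit(unwrap(url)).hostname or "").lower()


# Constructed sample; the data/sdata values are placeholders, not real tokens.
SAMPLE = (
    "https://nam02.safelinks.protection.outlook.com/"
    "?url=https%3A%2F%2Fportal.example.com%2Finvoice%3Fid%3D42"
    "&data=PLACEHOLDER&sdata=PLACEHOLDER&reserved=0"
)

if __name__ == "__main__":
    print(unwrap(SAMPLE))
    print(destination_host(SAMPLE))
```

The suffix check is made on the parsed hostname, so a link that merely contains the Safe Links domain somewhere in its text is shown as-is rather than treated as a trusted wrapper.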

At TokaiMail, we believe that training end-users is the right path to preventing security breaches. Users need to be trained and equipped with the right tools to make educated decisions when it comes to emails.

Spotting phishing or malicious emails is not easy, so TokaiMail provides a toolkit for users to make the right call. At this stage, we have decided not to rely on any automation. All the checks are manually triggered by the end-user. We want the users to learn from this experience and not simply rely on the tool to do all the hard work. We want the users to be in control. And that is what makes all the difference between TokaiMail and the rest of the email security solutions on the market.

Ready to give it a try? Visit our store!

Latest posts by Mathieu Ploton (see all)
