The ATP URL Re-writer requires to be manually enabled by the EveryCloud support team.


Once enabled, URL’s in incoming messages will be tested for any harmful content.  This is accomplished by rerouting the URL through our ATP filter, which acts as a web proxy and scans the content of the website before forwarding the user to the webpage.

 

Due to the rewriting of the URL, the recipient will notice a change in behavior:

 

  • The URL from within the email will change, and the structure will look similar to this: atpscan.global.hornetsecurity.com + a generic ending
  • When opening the URL, the URL is scanned using a filter powered by Hornetsecurity and the recipient will see the Hornetsecurity ATP banner (as shown below) at the top of the webpage.


image

 

  • Clicking on “please click here” in the banner will scan any links in the requested website (a status message will appear as shown below) and allow for the website to be displayed normally.



image

 URL rewriting won’t function as expected in certain circumstances: 

  • It is disabled for signed/encrypted messages to preserve email integrity. 
  • Rewritten URLs for internal websites will be blocked.
  • If the requested website has been shortened using a tool such as bit.ly and then that link has been shortened again by another shortening service, then the URL will be blocked.

 

URL Decoder

If you want to convert the cryptic URL back to its original state, you can use the URL Decoder.


Important Information Required from You

 

We require a list of URLs to be whitelisted.  This list should include:

  • all your internal customer domains
  • any external domains included on inbound messages, such as links to online platforms (e.g. salesforce.com, hubspot.com), customized URLs, etc.

 

False Positives

 

During the initial deployment of the URL re-writer, there may be some false positives. If these are encountered, please let our support team know. 

 

Informing your users

 

We would recommend that you inform your users that the URL re-writer has been enabled so that they are aware of any difference in the behavior when they click on links within an email. Attached is a suggested guide that you could amend with your details and send to your users.