The URL Rewriting is one of three mechanisms comprising Hornetsecurity Advanced Threat Protection (ATP).

The URL Rewriting is responsible for testing URL's in incoming emails for any harmful content. To do so, the mechanism will rewrite any identifiable URLs in incoming emails in such a manner, that any URL opened from the email will be rerouted through our ATP filter, which acts as a web proxy and scans the content of the website before forwarding the user to the web page.

Behaviour

Due to rewriting the URL, the recipient will notice some different behaviour:

• The URL from within the email will change

The mechanism will rewrite the URL in such a manner that the ATP filter will act as a web proxy. The structure of the URL will be:

atpscan.global.hornetsecurity.com + a generic ending

• When opening the website through the URL in the email, the recipient will see the Hornetsecurity ATP banner.

If you want to convert the cryptic URL back to its original state, you can use the URL Decoder.

Exceptions

In the following circumstances the URL Rewriting won’t be able to work as expected:

• Signed/encrypted emails: Rewriting the URL would harm the email integrity
• Using the URL Decoder: If the URL is not opened using the generic ATP URL, the ATP service will not be able to act as a web proxy

You should also pay attention to subdomains. If wanted, they need to be added, too. To request an entry for the URL rewriting exception list, you can contact our technical support.

Examples:

• abc.example.com
• def.abc.example.com

Setup

• The URL Rewriting can be activated as described here.

To minimize the risk of False Positives, we recommend providing our customer support with a list of valid domains, so those can be added to a whitelist. Such domains could be – for example – any internal domains, not running the risk containing harmful content.