This guide describes how administrators can verify a URL that has been rewritten by Targeted Threat Protection - URL Protect. This is important, as the original URL can tell you a lot about where you are about to go.
You can also check URLs via the Decoding URLs tool in the Administration Console. Alternatively, URLs that haven't been rewritten by URL Protect can be verified by other methods, such as using a search engine (Google etc.) to check if the link is associated with known phishing or malware attacks, or by using a service like Virus Total.
This guide applies to the following staff trying to ascertain whether a link is safe:
- Mimecast Support Staff
- Right click the URL.
- Click Copy Hyperlink.
- Paste the URL into your browser, but add a + to the end. For example, if the following protected link is issued:
Add a plus sign at the end:
- Press Enter.
- Review the Original URL to ensure it is safe to go there. This URL isn't clickable to prevent access to the URL before our security checks have been performed. Do not to copy and paste the exposed link for the same reason.
If you have the "Display URL Destination Domain" option selected in your URL Protect definition, the protected URL displays the destination domain at the end. For example, https://protect-eu.mimecast.com/s/F6rYCAW0hl6wn3CQg3QZ?domain=exampledomain.com.