[Users] Rewrite URLs in message obfuscated by Outlook's safelinks stuff

George Avrunin avrunin at comcast.net
Mon Mar 18 21:41:02 UTC 2024


I was a long-time user of claws-mail until a couple of years ago when
my university forced us to use their mail service rather than our
department servers.  The campus mail service runs Outlook, though
faculty can choose to receive mail through GMail, which I did.
However, the campus and Google require OAUTH2 and blocked our university
Google Workspace accounts from setting up claws-mail as a project, so I
couldn't use claws with my university email account. I therefore
switched to using Thunderbird, which is officially unsupported but
works with both my university email and my personal accounts and,
unlike the GMail web interface, allows me to move messages between
accounts.

I am now fully retired and don't receive emails with student
information.  So I am planning to forward my university GMail account
to a personal account and return to using claws-mail for everything
except sending from my university account.   Then, within claws, I can
move emails to the appropriate folders on the dovecot server on my home
machine and deal with them as I would like (and not store them in
GMail). While I am doing this, however, I would like to address another
problem with the university email.

They use Outlook's safelinks service, which rewrites email messages to
send all URLs in messages through
nam10.safelinks.protection.outlook.com.  (They claim this is for
security, but it also lets Microsoft monitor all the links you click
on...).  So, for example, the URL
https://ncses.nsf.gov/indicators?utm_medium=email&utm_source=govdelivery
which appeared in a recent message from the US National Science
Foundation, shows in my email as 
https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fncses.nsf.gov%2Findicators%3Futm_medium%3Demail%26utm_source%3Dgovdelivery&data=05%7C02%7Cavrunin%40cns.umass.edu%7Ce6c6579bb4e04efbe41308dc4421f492%7C7bd08b0b33954dc194bbd0b2e56a497f%7C0%7C0%7C638460160763273466%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=eZXjISDka%2Fiqee09LbeG%2B%2BCDHsaIFVO1UHE4DDfOl1w%3D&reserved=0
This is unpleasant and hard to translate mentally to the real URL in
order to decide whether to click on it or not (which probably makes it
less secure, but the box-checkers in the campus IT security office
don't see it that way).   The changes Outlook makes are in the actual
message source (in text and html parts).

I would like to rewrite these obfuscated URLs back to their original
form but I'm not sure of the best way to do this.   I have found a
number of different Python scripts (e.g.,
https://pypi.org/project/antisafelinks/,
https://github.com/infosecB/normalize-atp-safelink/blob/master/normalize_atpsafelink.py,
https://stackoverflow.com/questions/46504003/decoding-microsoft-safelink-url-in-python,
though I haven't read any of the code carefully) that can do this in
some fashion. Can these, or some modification of one of them, be used
with the Python plugin for claws? Or is there a better way to get the
URLs rewritten? Send the messages through something like
procmail/formail? 

If the Python plugin can be used, can someone point me to some
examples of using it to modify mail messages (as opposed to modifying
compose buffers, for instance).  I haven't done much programming in
recent years and have never done anything serious in Python, so lots of
detail about any suggestion (Python or not) would help me.

If it matters, I'm currently running claws-mail 4.2.0 on Fedora 39.  

Thanks,

  George
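
Added example (not part of the original message, and not code from any of the scripts it links): one way to recover the original URL from a Safe Links wrapper in a decoded text or HTML body part. The host pattern, the function names and the sample's data/sdata placeholders are assumptions; only the url= value comes from the message above.

```python
import html
import re
from urllib.parse import parse_qs, urlsplit

# Any host label before .safelinks.protection.outlook.com is accepted; this is
# an assumption generalised from the single nam10 host quoted in the message.
# A wrapper is taken to end at whitespace, a quote or an angle bracket.
SAFELINK_RE = re.compile(
    r"https://[a-z0-9-]+\.safelinks\.protection\.outlook\.com/[^\s\"'<>]*",
    re.IGNORECASE,
)

# Constructed sample: the url= value is the one quoted in the message; the
# data/sdata values are placeholders, not real tracking data.
SAMPLE = (
    "https://nam10.safelinks.protection.outlook.com/"
    "?url=https%3A%2F%2Fncses.nsf.gov%2Findicators%3Futm_medium%3Demail"
    "%26utm_source%3Dgovdelivery"
    "&data=PLACEHOLDER&sdata=PLACEHOLDER&reserved=0"
)


def unwrap(link):
    """Return the URL carried in the url= parameter, or None if unusable."""
    # parse_qs splits on the unencoded '&' separators and percent-decodes
    # each value, so the encoded %26 inside url= stays part of the target.
    target = parse_qs(urlsplit(link).query).get("url", [""])[0]
    # Accept only http(s) targets; anything else stays wrapped for inspection.
    if target.lower().startswith(("http://", "https://")):
        return target
    return None


def rewrite_body(body, is_html=False):
    """Replace every Safe Links wrapper in one decoded text or HTML part."""
    def repl(match):
        wrapped = match.group(0)
        # In HTML parts the separators are usually written as &amp;, so undo
        # the entity encoding before parsing and redo it on the result.
        original = unwrap(html.unescape(wrapped) if is_html else wrapped)
        if original is None:
            return wrapped
        return html.escape(original, quote=True) if is_html else original
    return SAFELINK_RE.sub(repl, body)


if __name__ == "__main__":
    print(rewrite_body("Report: " + SAMPLE + " (NSF)"))
```

The function works on one already-decoded part at a time, so a delivery filter would call it once for the text part and once, with is_html=True, for the HTML part.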

