[Users] Rewrite URLs in message obfuscated by Outlook's safelinks stuff

H.Merijn Brand linux at tux.freedom.nl
Mon Mar 18 22:22:33 UTC 2024


On Mon, 18 Mar 2024 17:41:02 -0400, George Avrunin <avrunin at comcast.net> wrote:

> I was a long-time user of claws-mail until a couple of years ago when
> my university forced us to use their mail service rather than our
> department servers.  The campus mail service runs Outlook, though
> faculty can choose to receive mail through GMail, which I did.
> However, the campus and Google require OAUTH2 and blocked our university
> Google Workspace accounts from setting up claws-mail as a project, so I
> couldn't use claws with my university email account. I therefore
> switched to using Thunderbird, which is officially unsupported but
> works with both my university email and my personal accounts and,
> unlike the GMail web interface, allows me to move messages between
> accounts.
> 
> I am now fully retired and don't receive emails with student
> information.  So I am planning to forward my university GMail account
> to a personal account and return to using claws-mail for everything
> except sending from my university account.   Then, within claws, I can
> move emails to the appropriate folders on the dovecot server on my home
> machine and deal with them as I would like (and not store them in
> GMail). While I am doing this, however, I would like to address another
> problem with the university email.
> 
> They use Outlook's safelinks service, which rewrites email messages to
> send all URLs in messages through
> nam10.safelinks.protection.outlook.com.  (They claim this is for
> security, but it also lets Microsoft monitor all the links you click
> on...).  So, for example, the URL
> https://ncses.nsf.gov/indicators?utm_medium=email&utm_source=govdelivery
> which appeared in a recent message from the US National Science
> Foundation, shows in my email as 
> https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fncses.nsf.gov%2Findicators%3Futm_medium%3Demail%26utm_source%3Dgovdelivery&data=05%7C02%7Cavrunin%40cns.umass.edu%7Ce6c6579bb4e04efbe41308dc4421f492%7C7bd08b0b33954dc194bbd0b2e56a497f%7C0%7C0%7C638460160763273466%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=eZXjISDka%2Fiqee09LbeG%2B%2BCDHsaIFVO1UHE4DDfOl1w%3D&reserved=0
> 
> This is unpleasant and hard to translate mentally to the real URL in
> order to decide whether to click on it or not (which probably makes it
> less secure, but the box-checkers in the campus IT security office
> don't see it that way).   The changes Outlook makes are in the actual
> message source (in text and html parts).
> 
> I would like to rewrite these obfuscated URLs back to their original
> form but I'm not sure of the best way to do this.

I wholeheartedly agree with everything you complain about this insane "security" feature!

My rm_disclaim.pl (perl) script removes that junk with

--8<---
use URL::Encode::XS qw( url_encode url_decode );

# And useless, irritating and obfuscating wrapping of URLs
# (parameters are separated by "&" in text parts and "&amp;" in HTML parts)
s{\bhttps://[\w.]+\.safelinks\.protection\.outlook\.com/\?url=(.*?)(?:&|&amp;)data=\S+?(?:&|&amp;)reserved=\d+\b}
  {url_decode ($1)}ge;
-->8---

as part of a bigger cleanup, where company logos, useless HTML
attachments, disclaimers and print warnings are removed and telephone
numbers are consistently formatted.

Feel free to steal that snippet when you choose to use perl.

> I have found a number of different python scripts, for example (e.g.,
> https://pypi.org/project/antisafelinks/,
> https://github.com/infosecB/normalize-atp-safelink/blob/master/normalize_atpsafelink.py,
> https://stackoverflow.com/questions/46504003/decoding-microsoft-safelink-url-in-python,
> though I haven't read any of the code carefully) that can do this in
> some fashion. Can these, or some modification of one of them, be used
> with the python plugin for claws? Or is there a better way to get the
> URLs rewritten? Send the messages through something like
> procmail/formail? 
> 
> If the python plugin can be used, can someone point me to some
> examples of using it to modify mail messages (as opposed to modifying
> compose buffers, for instance).  I haven't done much programming in
> recent years and have never done anything serious in python, so lots of
> detail about any suggestion (python or not) would help me.
> 
> If it matters, I'm currently running claws-mail 4.2.0 on Fedora 39.  
> 
> Thanks,
> 
>   George

-- 
H.Merijn Brand  https://tux.nl   Perl Monger   http://amsterdam.pm.org/
using perl5.00307 .. 5.37        porting perl5 on HP-UX, AIX, and Linux
https://tux.nl/email.html http://qa.perl.org https://www.test-smoke.org
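
The same unwrapping in Python, the language the question asks about, as an added example that is not part of either message: it parses the query string instead of pattern-matching it, handles the `&amp;` separators found in HTML parts, and leaves a link untouched unless the host is a Safe Links host and the carried target is http(s). The function names are hypothetical and the sample link is constructed from the NSF URL quoted above with a shortened `data=` value.

```python
import html
import re
from urllib.parse import parse_qs, urlsplit

SAFELINKS_SUFFIX = ".safelinks.protection.outlook.com"

# A wrapped link runs up to whitespace, a quote or an angle bracket; trailing
# sentence punctuation ("... reserved=0.") is left outside the match.
SAFELINK_RE = re.compile(
    r"https://[\w.-]+\.safelinks\.protection\.outlook\.com/\?[^\s\"'<>]+?"
    r"(?=[.,;:!?)\]]*(?:[\s\"'<>]|$))",
    re.IGNORECASE,
)


def unwrap_one(wrapped: str, in_html: bool = False) -> str:
    """Return the URL carried in url=, or the input unchanged if it looks wrong."""
    raw = html.unescape(wrapped) if in_html else wrapped  # "&amp;" -> "&"
    parts = urlsplit(raw)
    host = (parts.hostname or "").lower()
    if not host.endswith(SAFELINKS_SUFFIX):
        return wrapped  # look-alike host: do not touch
    target = parse_qs(parts.query).get("url", [""])[0]  # parse_qs percent-decodes
    if urlsplit(target).scheme not in ("http", "https"):
        return wrapped  # missing or unexpected target: keep the wrapper visible
    # Re-escape for HTML so "&" inside the restored URL stays valid markup.
    return html.escape(target, quote=True) if in_html else target


def unwrap_safelinks(body: str, in_html: bool = False) -> str:
    """Rewrite every Safe Links URL in one decoded text or HTML message part."""
    return SAFELINK_RE.sub(lambda m: unwrap_one(m.group(0), in_html), body)


# Constructed sample (shortened data= and sdata= values).
SAMPLE = (
    "https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2F"
    "ncses.nsf.gov%2Findicators%3Futm_medium%3Demail%26utm_source%3Dgovdelivery"
    "&data=05%7C02%7Cuser%40example.edu&sdata=abc%3D&reserved=0"
)

if __name__ == "__main__":
    print(unwrap_safelinks("See " + SAMPLE + ". Thanks"))
```

Each MIME part has to be transfer-decoded (quoted-printable or base64) before it is passed in, and rewriting the body invalidates any DKIM or S/MIME signature that covers it.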
                           