What are “safe link” rewriting systems (Microsoft ATP, Gmail Safe Browsing)?

Still have a question, spotted an error, or have a better explanation or a source we should cite?

You send a carefully crafted email with a link to your landing page. A recipient in a corporate environment clicks it. Instead of going straight to your page, they briefly see a URL that starts with safelinks.protection.outlook.com before being redirected. That's a safe link rewriting system doing its job.

Safe link systems are security features built into corporate email gateways. Rather than scanning links once at delivery time, they rewrite every URL in incoming messages to route through the provider's security infrastructure. When a user clicks, the gateway scans the destination in real time, checks it against threat databases, and either lets the user through or blocks it with a warning. Microsoft Defender for Office 365 (formerly ATP) is the most common implementation. It replaces your links with long safelinks.protection.outlook.com URLs. Google Workspace has a similar feature in its email security settings.

For legitimate senders, safe link rewriting creates a few practical considerations. Your click tracking may behave differently because the initial redirect goes through the gateway rather than directly to your tracking URL. Some links, particularly complex redirect chains, may break entirely or generate additional latency that frustrates users. And your click analytics will show gateway proxy IP addresses rather than real user IPs, which affects any geo-based analysis.

The key takeaway: keep your links simple and clean. A single redirect from your tracking domain to your destination is far less likely to cause problems than a chain of three redirects. And make sure your sending domain and tracking domain are not on any blocklists, because safe link systems check those databases at click time.

Contributors

Who worked on this answer

Every name links to their profile. Every company links to their site. Real people, real accountability.

Ask an AI · tailored to your setup

Help me fix my links for corporate email gateways

I'm sending emails to corporate recipients and I'm seeing [broken links / tracking issues / redirect chains / user complaints about security warnings]. I think it might be related to Microsoft Defender safe links or a similar gateway. Help me understand what's happening to my links and how to fix it.

Edit the yellow boxes, then send to the AI of your choice.