Email security – defanging URLs
When the contents of an artifact are within an email notification, any web and IP addresses are automatically “defanged” to prevent the user from inadvertently clicking a malicious link.
When URLs are deranged, the following actions occur.
http
is replaced withhxxp
.ftp
is replaced withfxp
.- Brackets are added to domain names; for example, www.example.com is replaced with www[.]example[.]com.
- Brackets are added to the IP address; for example,
8.8.8.8
is replaced with8[.]8[.]8[.]8
.
You might have a number of legitimate domains that you do not want to be "defanged." In this
case, you can create an allowlist that allows the specific domains to remain untouched. To see the
current setting of the allowlist, enter the following
command.
sudo resutil configget ‐key whitelist_defang_domains
Use the following command to create the allowlist. For multiple domains, use a comma (,) as a
separator.
sudo resutil configset ‐key whitelist_defang_domains -svalue $<domain>
The following example adds the example.com and
example.org domains to the
list.
sudo resutil configset ‐key whitelist_defang_domains -svalue example.com,example.org