#2498 new
Stacey Marshall

Mailmate is not handling modified URLs in Mail for Targeted Attack Protection consistently.

Reported by Stacey Marshall | February 21st, 2020 @ 09:52 AM

Mailmate is not handling modified URLs in Mail for Targeted Attack Protection consistently.

MailMate version 1.13.1 (5671).

Targeted Attack Protection (TAP) from Proofpoint modifys emails sent to my company email:

Any emails you receive into your account from an external source will be assessed by this service to provide URL and attachment defense capability.

  • Emails containing external URLs will be rewritten to include urldefense.proofpoint.com so they can be assessed by TAP when you click on the URL.

When I click on most of these modified links I am directed to https://urldefense.com/jerror and not the page intended.

Captured the URL being sent to Firefox by

  1. Disable Choosey.app (just in case it was doing aything untoward).
  2. Enabled Logging via 'about:networking`
  3. Clicked on the URL in MailMate

When I compare the URL logged via Firefox to the link in the e-mail I find that the final dollar has been removed.

An example of a TAP modified URL, note it has final dollar character at the end.

https://urldefense.com/v3/__https://github.com/osstech-jp/openldap/commit/bba50bf6533d8f67dcbfc990b6b3161d22b4de85.patch__;!!GqivPVa7Brio!KDGhmN2slqGIqw4BFaQkTYmT7Tj8mq0aUeWtflW1P3dYJhH8Nxl7zGE_a-_SxDJKZsHI$

URL passed to firefox when clicked on has dollar removed:

https://urldefense.com/v3/__https://github.com/osstech-jp/openldap/commit/bba50bf6533d8f67dcbfc990b6b3161d22b4de85.patch__;!!GqivPVa7Brio!KDGhmN2slqGIqw4BFaQkTYmT7Tj8mq0aUeWtflW1P3dYJhH8Nxl7zGE_a-_SxDJKZsHI

Opening the email in Mail.app and clicking on the link there is a laborious workaround.

The fault does not appear to be consistent. In preparation for this ticket I sent myself a link, via external account, and that was handled correctly!

https://urldefense.com/v3/__https://staceymarshall.wordpress.com/__;!!GqivPVa7Brio!JZfEnZ9XS7DsTjRVTHm_gl6-RcqMyt3H9RvaI5HDJ2s0I4LS6g8RnnlDQzcO0bi3Dz1K$

Comments and changes to this ticket

  • Stacey Marshall

    Stacey Marshall February 21st, 2020 @ 09:57 AM

    Noticed that MailMate indeed highlights the whole link in blue except for the final dollar :-)

    If I select the whole URL including the dollar and OPEN URL it opens correctly.

    • OPEN URL I have a keyboard Shortcut which opens selected text.
  • Stacey Marshall

    Stacey Marshall February 21st, 2020 @ 10:12 AM

    In the test email (where the dollar was passed through) the body source looks like this:

    --000000000000838c19059f11f2cc
    Content-Type: text/plain; charset="UTF-8"
    Content-Transfer-Encoding: Quoted-printable
    
    Well, why was this not converted then?
    
    https://urldefense.com/v3/__https://staceymarshall.wordpress.com/__;!!GqivP=
    Va7Brio!JZfEnZ9XS7DsTjRVTHm_gl6-RcqMyt3H9RvaI5HDJ2s0I4LS6g8RnnlDQzcO0bi3Dz1=
    K$=20
    
    --000000000000838c19059f11f2cc
    Content-Type: text/html; charset="UTF-8"
    Content-Transfer-Encoding: Quoted-printable
    
    <div dir=3D"ltr"><div>Well, why was this not converted then?</div><div><br>=
    </div><div><a href=3D"https://urldefense.com/v3/__https://staceymarshall.wo=
    rdpress.com/__;!!GqivPVa7Brio!JZfEnZ9XS7DsTjRVTHm_gl6-RcqMyt3H9RvaI5HDJ2s0I=
    4LS6g8RnnlDQzcO0bi3Dz1K$">https://staceymarshall.wordpress.com/</a></div><d=
    iv><br></div><div><br></div></div>
    

    While the e-mail where the links are not passed through correctly (elided a little)

    https://urldefense.com/v3/__https://github.com/osstech-jp/openldap/commit/b=
    ba50bf6533d8f67dcbfc990b6b3161d22b4de85.patch__;!!GqivPVa7Brio!KDGhmN2slqGI=
    qw4BFaQkTYmT7Tj8mq0aUeWtflW1P3dYJhH8Nxl7zGE_a-_SxDJKZsHI$=20
    https://urldefense.com/v3/__https://github.com/osstech-jp/openldap/commit/b=
    ba50bf6533d8f67dcbfc990b6b3161d22b4de85__;!!GqivPVa7Brio!KDGhmN2slqGIqw4BFa=
    QkTYmT7Tj8mq0aUeWtflW1P3dYJhH8Nxl7zGE_a-_SxKwwBOjg$=20
    

    So maybe the one that worked has HTML while the failing one does not?

Please Sign in or create a free account to add a new ticket.

With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.

New-ticket Create new ticket

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile »

Mac OS X email client.

Shared Ticket Bins

People watching this ticket

Tags

Pages