Posted on by Achim D. Brucker, licensed under CC BY-ND 4.0.

Unsanitize Safelinks

Both the home/personal online offerings of Microsoft Outlook (e.g.,, Office 365 Home, or Office 365 Personal) and the professional Office 365 offerings (e.g., as part of Office 365 Advanced Threat Detection) might rewrite links in received emails with the goal of protecting users against certain threats (e.g., phishing).

For various reasons, one might to rewrite these “safelinks” back into their original form.

The script unsantize-safelinks does exactly this. This can, for example, be used for displaying mails nicely in mutt or other text-based mail programs. In your “.muttrc” you need to add/edit the following configuration:

set display_filter="unsanitize-safelinks"

If you want to also rewrite the links when using tools such as urlscan, use:

macro index,pager \cb "<pipe-message> unsanitize-safelinks| urlscan<Enter>"

And the following trick rewrites the links prior to editing a message (e.g., when replying):

set editor ="unsanitize-safelinks -i %s && $EDITOR %s"

Finally, if links should be rewritten when viewing the HTML-part, you need to edit your .mailcap entry for type text/html:

text/html; unsanitize-safelinks -i --html %s && /usr/bin/sensible-browser %s; description=HTML Text; nametemplate=%s.html


The project is licensed under a 2-clause BSD license and available at:

Welcome to the blog of the Software Assurance & Security Research Team at the University of Exeter. We blog regularly news, tips & tricks, as well as fun facts about software assurance, reliability, security, testing, verification, hacking, and logic.

You can also follow us on Twitter: @logicalhacking.




academia ai android apidesign appsec bitcoin blockchain bpmn browser browserextensions browsersecurity bug certification chrome composition cordova dast devops devsecops dom dsbd efsm epsrc event extensions fixeffort floss formaldocument formalmethods funding hol-ocl hol-testgen humanfactor hybridapps iast industry internetofthings iot isabelle/hol isabelledof isadof latex logic maintance malicous mbst mobile mobile apps modelinference modeling monads monitoring msc ocl ontology opensource owasp patches pet phd phdlife phishing policy protocols publishing reliability research safelinks safety sap sast sdlc secdevops secureprogramming security securityengineering securitytesting semantics servicecomposition skills smartcontract smartthings softwareeinginering softwaresecurity softwaresupplychain solidity staff&positions statemachine studentproject tcb test&proof testing tips&tricks tools transport tuos uk uoe upgrade usability verification vulnerabilities vulnerableapplication webinar websecurity


blog whole site