proofpoint-url-decoder icon indicating copy to clipboard operation
proofpoint-url-decoder copied to clipboard

Published 20 hours ago verified publisher icon cardi

decode parameters

Open cardi opened this issue 8 years ago • 0 comments

A Proofpoint URL takes the format of the following: urldefense.proofpoint.com/v2/url?[params]

where [params] consists of the following:

c := constant (per organization) d := constant (per organization) e := always empty? m := ? r := unique identifier tied to email address s := ? u := safe-encoded URL

m might be a hash of the original URL or some metadata s might be a signature or checksum

Disturbingly, each URL contains a unique identifier that's tied to the individual's email address, letting the organization (that hosts the email) and Proofpoint logs when a particular user clicks on a URL and quite possibly crawl the target content.

It would be nice to understand what each parameter does and how it's encoded (or, if possible, how to decode it).

cardi avatar Feb 17 '16 02:02 cardi