EveryCloud Technologies    

The Following article provides a Overview of the Features of the URL rewriting feature of the Advanced Threat Protection (ATP) Service. Please read it carefully.


Once enabled, URL’s in incoming messages will be tested for any harmful content.  This is accomplished by rerouting the URL through our ATP filter, which acts as a web proxy and scans the content of the website before forwarding the user to the webpage.


Due to the rewriting of the URL, the recipient will notice a change in behavior:


  • The URL from within the email will change, and the structure will look similar to this: atpscan.global.hornetsecurity.com + a generic ending
  • When opening the URL, the URL is scanned using a filter powered by Hornetsecurity and the recipient will see the Hornetsecurity ATP banner (as shown below) at the top of the webpage.



  • Clicking on “please click here” in the banner will scan any links in the requested website (a status message will appear as shown below) and allow for the website to be displayed normally.


 URL rewriting won’t function as expected in certain circumstances: 

  • It is disabled for signed/encrypted messages to preserve email integrity. 
  • Rewritten URLs for internal websites will be blocked.
  • If the requested website has been shortened using a tool such as bit.ly and then that link has been shortened again by another shortening service, then the URL will be blocked.


URL Decoder

If you want to convert the cryptic URL back to its original state, you can use the URL Decoder.

False Positives

During the initial deployment of the URL re-writer, there may be some false positives. If these are encountered, please let our support team know. 



URL Rewriting as well as the Target Fraud Forensic Filter will need to be enabled through our customer support. Enabling the ATP filter through the Control Panel alone will not be sufficient.
Please email support@everycloud.com asking for URL Rewriting to be enabled.

To minimize the risk of False Positives, we recommend providing a list of domains to "whitelist". Such domains could be for example:

  • Your internal customer domains.
  • Any external domains included on inbound messages, such as links to online platforms (e.g. salesforce.com, hubspot.com), customized URLs,
  • Any banking websites used
  • etc

Informing your users

We would recommend that you inform your users that the URL re-writer has been enabled so that they are aware of any difference in the behavior when they click on links within an email. Attached is a suggested guide that you could amend with your details and send to your users.

If you haven’t done so yet, you can sign up for a free trial on our website Here.