Sophos Central Admin: Sophos Central Engineering will be performing routine maintenance to Sophos Central on Saturday February 1, 2020 starting at 13:00 (UTC). For more info please see KBA 133402.

AWSTRACK.ME client Firewall blocking , need to be clear what this is for and what other IP/Domains there are.

Tried to perform a campaign on a trial account for a client who might want to buy for the entire company. We sent them the list of Domains and IP's Sophos says to white list but it looks like the links in the Phishing emails redirect to jk3bt83s.r.eu-west-1.awstrack.me/ before they hit Sophos. This is getting cause as a spam link by there firewall and they dont want to unblock it without knowing exactly what it is. Also this domain should be added to the whitelist since it seems to be required for the campaign to work.

 

Any guidance? 

  • Hey  

    This link redirection (to AWS' Tracking services) is used to track which users have clicked the link. I will reach out to our KB team to suggest adding a note to our KBA about this expected behavior and a note to create a web proxy exception for the URL (*.awstrack.me)

    In regards to your situation, is their firewall categorizing these emails as SPAM due to email content filtering? This would mean that the exceptions have not been properly configured if these emails are not being fully exempted from email scanning etc.

    Or is it their web proxy that is blocking access to these links?

    Regards,

  • In reply to FloSupport:

    Please view the updated KBA here.

    • Links contained within campaign emails are configured to redirect users to an awstrack.me URL. This is an expected behavior as Phish Threat uses AWS tracking to determine which users have clicked on the malicious links.

    Regards,

  • In reply to FloSupport:

    This is great and we appreciate it.

     

    We are still having a problem with blocking after the company whitelisted the individual AWS address. Is there anyone internal who might know what the pool of AWS address are? We do not want to have to white list all of AWS as this is a security concern. 

  • In reply to Andrew Garcia:

    Hi Andrew,

    I'd advise to please raise a support case so we can bring this up to our team for confirmation.

    Please ensure to also share your case number with me through PM so I can follow up accordingly.

    Thanks!