Advisory: Central Email re-written Time of Click URLs inaccessible.


Central Email re-written Time of Click URLs  inaccessible.

Applies to the following Sophos product(s) and version(s)
Sophos Central Email


A small subset of customers are reporting when time of click re-written URLs and accessed they are presented with a 401 - Access denied due to invalid credentials error for some emails. The URL cannot be properly accessed.

Current status

Development is currently investigating

What to do

Please refer to this article for further details as it gets updated. If Sophos Technical Support has already been contacted please refer to this article.


The following workarounds can be attempted to access the URL:

Workaround 1:

  • Try opening the email and link in a different mail client. In some instances the issue may occur only when opening the link/email in Windows Outlook Client, the same links have been reported to work in Outlook Web Access and in Outlook client on MAC OS.

Workaround 2:

  • If the email that was re-written cannot be resent, the original URL can usually be obtained.
  1. Copy paste the rewritten URL in Notepad++;
  2. Select everything AFTER '&u=' UP TO the next '&' sign (usually ends with '==');
  3. Right-click the selection > Plugin commands > Base64 Decode;
  4. Your selection should now look mostly human readable;
  5. You can then copy paste that into a URL decoder like to get the real link (be careful when opening the decoded URL, it could be malicious, only try opening the link for trusted emails).

Workaround 3:

  • If the email can be resent again from a trusted sender and the issue occurs for every email from them, the URL can be added to the URL allow list temporarily: Under Global Settings > URL allow list

Next update

This article will be updated when information becomes available