My client has been using the email gateway for some years now.
About 6 months ago my client reported that emails would not send; they received a message saying "Cannot send this item". After investigating, I found it related to long URLs: once an email chain gets so long, the links block the reply emails being sent. We use TOC via the email gateway; this is the cause of the issue, as it rewrites the URL every time an email is sent even though it rewrote them previously. MS released a fix for this in April: https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-outlook-cannot-send-this-item-email-bug/ This didn't resolve the issue my client is having; the fix may have been for 365 TOC. I have logged cases with support but not got anywhere. Has anyone else seen this problem?
We are having the same issue here since going live with Sophos Email Security with TOC enabled last week.
I have had to turn Sophos TOC off due to too many users having problems.
I had turned off the URLs for links in our signatures, but now with our TOC off, I see replies coming from outside partners where they are re-writing with their own TOC - which then would be re-written again by Sophos TOC. I'm going to try adding safelinks.protection.outlook.com to our safe list and see if that might help for outside parties that use Microsoft ATP.
It would be great to see a summary of what top level domains are being processed by Sophos TOC. The current Time of Click Summary report shows a summary of the number of clicks, but no details.
If we could see that 50% are from a trusted domain, we could add that domain to the URL allow list to help minimize this problem.
Or Sophos could just fix the problem and shorten the TOC links... that would stop this thread from getting the extreme amount of views it is getting.
Did you find a solution to this yet? What did you end up doing?
The issue seems to be way more prevalent on the current Office channel, so we're switching to the semi-annual enterprise channel, and that seems to help a lot, but doesn't completely eliminate the issue. This means we've also had to whitelist *.safelinks.protection.outlook.com in the Sophos Central portal. So we're not actually using Sophos Time of Click for email protection on sites that have gone through Exchange Online, which defeats the purpose of using Sophos ToC in the first place.
I wish Sophos could just shorten their ToC links, but for some reason they just don't want to do that, and instead prefer that we stop using their product.
Thanks for your suggestion. You said whitelist *.safelinks.protection.outlook.com in the "URL allow list" only?
Yes, that's right: Sophos Central -> Email Security -> Settings -> URL Allow List.
I've disabled Sophos TOC for the time being and haven't investigated again. Every time I think about it I wonder why I don't just scrap Sophos Email and use MS 365 Defender... Will also look into Øivind Hagenlund's suggestion of whitelisting safelinks.
It's stupid: I turned off both "URL re-writes" but left "Time of Click URL Protection" turned on, and had issues because it still did re-write URLs, and I do see it from Sophos in Email Security policies.
So I worked with support several months ago and I believe we found a decent workaround. The issue is actually not so much that the URL re-writes are long, but that O365 has its own URL re-write. Both systems re-write each other and you end up with something Outlook does not like at all. This is how we resolved it; I have not seen it in our environment in months.
First you need to whitelist the safelinks URL as stated above. You may also want to consider whitelisting Proofpoint. Next you have to disable the URL re-write from the O365 side; this cannot be done via GUI if you have O365 Business Basic like us. Those with Defender licenses actually have a toggle switch. I researched this for days and even contacted Microsoft support, which told me to go pound sand. I found an article not even related to what I was looking for that had the answer. You need to create a new mail flow rule with the following settings:
Essentially where the problem originates is your O365 re-writes URLs first then Sophos goes in behind it and does the same thing. It's worth noting we're still using gateway mode and not Sophos Mailflow just yet. Mailflow might fix this issue.
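For admins who want to measure how deeply the links in an affected message are wrapped, the following is an added example and not part of the thread or any vendor's tooling. It peels nested Microsoft Safe Links layers (hosts under safelinks.protection.outlook.com, target carried percent-encoded in the `url` query parameter) and reports the length of each layer. The Sophos wrapper format is not given in the thread, so unwrapping stops at the first layer that is not Safe Links; `wrap()` and the sample link are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, quote

SAFELINKS_SUFFIX = ".safelinks.protection.outlook.com"  # host named in the thread
URL_RE = re.compile(r"https?://[^\s<>\"']+")

def is_safelink(url):
    """True only when the host is a subdomain of the Safe Links domain."""
    try:
        host = urlsplit(url).hostname or ""
    except ValueError:  # malformed URL, e.g. broken IPv6 literal
        return False
    return host.lower().endswith(SAFELINKS_SUFFIX)

def unwrap(url, max_depth=20):
    """Peel nested Safe Links layers.
    Returns (innermost_url, lengths) with one length per layer, outermost first."""
    lengths = []
    while is_safelink(url) and len(lengths) < max_depth:
        target = parse_qs(urlsplit(url).query).get("url")
        if not target:
            break
        lengths.append(len(url))
        url = target[0]  # parse_qs has already percent-decoded one level
    return url, lengths

def nested_links(text, min_depth=2):
    """List (innermost_url, depth, outer_length) for links wrapped min_depth+ times."""
    hits = []
    for link in URL_RE.findall(text):
        inner, lengths = unwrap(link)
        if len(lengths) >= min_depth:
            hits.append((inner, len(lengths), lengths[0]))
    return hits

def wrap(url, region="nam00"):
    """Constructed stand-in for a rewrite, used only to build sample data."""
    return (f"https://{region}{SAFELINKS_SUFFIX}/?url={quote(url, safe='')}"
            "&data=constructed&reserved=0")

if __name__ == "__main__":
    link = "https://example.com/docs/page?id=42&ref=mail"  # constructed sample
    for _ in range(3):
        link = wrap(link)
    print(unwrap(link))
    print(nested_links(f"see {link} and https://example.com/plain"))
```

Each extra layer re-encodes the percent signs of the layer beneath it, so the per-layer lengths grow faster than the fixed wrapper overhead alone would suggest.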