URL Defense Guide
URL Defense Guide using Cisco Secure Email
About
URLs appear in emails every day.
Not all URLs are safe.
What does Cisco Secure Email do to analyze URLs and protect the end user from malicious and suspicious ones? It offers two options:
- URL Filtering
- URL Rewrite and Analysis (using Outbreak Filters)
Both provide a layered approach to analyzing suspicious URLs and stopping malicious URLs from processing through email.
URLs in incoming and outgoing messages (including attachments) are evaluated. Any valid string for a URL is evaluated, including strings with the following:
- http, https, or www
- domain or IP address
- port number preceded by a colon (:)
- uppercase or lowercase letters
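The criteria listed above, as an added Python illustration (not Cisco's parser and not code from this guide): a regex-based extractor that approximates them, useful for checking which strings in a test message are URL candidates. The pattern, the function name `extract_url_candidates` and the sample message are assumptions constructed for this example.

```python
import re
from ipaddress import ip_address

# Approximation of the listed criteria; NOT Cisco Secure Email's actual matcher.
_HOST = (r"(?:\d{1,3}(?:\.\d{1,3}){3}"                         # IPv4 address
         r"|(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,})")  # domain, incl. www.
URL_RE = re.compile(
    r"(?<![\w@.-])"                      # do not start inside a word or e-mail address
    r"(?P<scheme>https?://)?"            # http / https prefix is optional
    r"(?P<host>" + _HOST + r")(?![\w@-])"
    r"(?::(?P<port>\d{1,5}))?"           # port number preceded by a colon
    r"(?P<path>/[^\s<>\"']*)?",
    re.IGNORECASE,                       # uppercase or lowercase letters
)

def extract_url_candidates(text):
    """Return one normalized record per URL-like string found in text."""
    found = []
    for m in URL_RE.finditer(text):
        host, port = m.group("host"), m.group("port")
        is_ip = host.replace(".", "").isdigit()
        if is_ip:
            try:
                ip_address(host)         # reject octets > 255, leading zeros
            except ValueError:
                continue
        if port and int(port) > 65535:   # not a valid TCP port
            continue
        found.append({
            "scheme": (m.group("scheme") or "").lower()[:-3] or None,
            "host": host.lower(),        # hostnames compare case-insensitively
            "port": int(port) if port else None,
            "path": (m.group("path") or "").rstrip(".,;:!?)"),
            "is_ip": is_ip,
        })
    return found

# Constructed sample message body (documentation-reserved names and addresses).
SAMPLE = (
    "Reset your password at HTTP://Login.Example.COM:8080/reset?id=1 today.\n"
    "Mirror: www.example.org, or 192.0.2.10:8443/portal.\n"
    "Questions? Write to alice@example.net\n"
)

if __name__ == "__main__":
    for rec in extract_url_candidates(SAMPLE):
        print(rec)
```

The e-mail address in the sample is deliberately not reported, since the lookbehind excludes hosts that follow `@`.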
When evaluating URLs to determine whether a message is spam, if necessary for load management, the system prioritizes screening of incoming messages over outgoing messages.
To better understand how URL Filtering and URL Rewrite + Analysis work, let's first look at where they fit in the Email Pipeline within Cisco Secure Email.


In the order of processing, URL Filtering happens during Message Filtering or Content Filtering.
URL Rewrite and Cloud URL Analysis are functions within Outbreak Filters, occurring after URL Filtering.
Because of this ordering, URL Filtering may catch and detect malicious and suspicious URLs before URL Rewrite and Cloud URL Analysis trigger in Outbreak Filters.
Want to know more regarding Cloud URL Analysis (CUA)?
- Cloud URL Analysis is Cisco Talos' URL intelligence generating service.
- Please see Cloud URL Analysis from URL Rewriting and Analysis (using Outbreak Filters).
URL scoring or categorization dispute?
- Please see Reporting Disputes to Cisco Talos
Ready to get started with our best practices for URL Defense?
Updated 10 months ago