@bert_hubert yes, it's a big privacy and security issue with Microsoft's mail hosting. I have to use https://addons.thunderbird.net/en-US/thunderbird/addon/unmangle-outlook-safelinks to avoid Microsoft learning about links/URLs that I click on, also many that are used within the corporate intranet and should not really be exposed to the outside. (Doesn't really matter when Exchange isn't on-premise anymore though.)
Conversation
Notices
-
Embed this notice
Julius Schwartzenberg (jschwart@mas.to)'s status on Thursday, 23-Jan-2025 05:26:46 JST 
Julius Schwartzenberg
-
Embed this notice
bert hubert 🇺🇦🇪🇺 (bert_hubert@fosstodon.org)'s status on Thursday, 23-Jan-2025 05:26:47 JST 
bert hubert 🇺🇦🇪🇺
So I send out login links in emails. If the user clicks on the link, JavaScript in that webpage will *POST* to a URL to log in. The login token works only *once*. I now have a user that tells me they can't log in. From the logs, I see a Microsoft IP address POSTing that login link. Is some kind of MS email security product executing JavaScript and POSTING things? Is this a known phenomenon? I've now made this a login *button* which the user has to click again. I hope it helps.
-
Embed this notice
All GNU social JP content and data are available under the