IDGN IT Solutions

About the Extractor and Trackers

Understand how the tool works and why it is necessary for your corporate security.

How does the tool work?

The Link Extractor is designed to parse long, complex, and obfuscated URLs received via email, social media, or messengers, aiming to reveal their true destination. The tool works in two simultaneous ways:

  • Local Processing (Client-Side): Scans the URL for known tracking parameters (UTMs, GCLID, FBCLID) and extracts links hidden within Base64 encoded payloads (common in AWS SES, SendGrid, and Mandrill).
  • Server Resolution (Server-Side): For links using blind redirection (HTTP 301/302) where the destination is not written in the original URL (common in systems like Thomson Reuters, Bit.ly, or t.co), our server acts as an intermediary. It discovers where the link points and returns the clean URL to the user, without logging the click on the origin platform.

What are Trackers?

Trackers are digital mechanisms used by marketing companies, email platforms, and social networks to monitor user behavior. When you click on a tracked link, you are not taken directly to the destination site. First, you invisibly pass through the marketing company's server.

During this millisecond of redirection, the server collects valuable data:

Exact identification of who clicked (linked to your email address).
The date, time, and response time of your interaction.
Geographic location based on your corporate or residential IP Address.
Data about your device, operating system, and browser (User-Agent).

Why do Firewalls block these links?

In corporate environments, information security is managed by advanced Firewall appliances (like Fortinet, Palo Alto, SonicWall, PfSense) and DNS filters. These systems operate with global threat and reputation databases.

Tracking domains (e.g., click.domain.com, mandrillapp.com/track/click/) are routinely categorized by these security tools as:

  • Loss of Privacy (Spyware/Tracking): Direct violation of internal security policies that prevent telemetry leaks from the corporate network to external entities.
  • Phishing Risk: Hackers frequently use legitimate email marketing providers to mask malicious links. The firewall blocks the redirecting domain to prevent the user from being taken to a fraudulent page hidden in the payload.
  • SPAM: Domains involved in massive blasts automatically have their reputation downgraded.

The result: When you click on a link for an invoice, contract, or webinar, the Firewall cuts the connection halfway because the tracking domain is blocked. You receive an "Access Denied" screen, even if the final destination is a legitimate site (like Microsoft Teams or an accounting portal).

The Importance of using the Extractor

Using the Link Extractor bypasses the clash between external companies' need to communicate and the strict security policies of your local network. Its main advantages include:

Guaranteed Access

By removing the tracking layer, you get the direct URL of the service (e.g., billing site). Since the direct URL is not blocked by the Firewall policy, access is guaranteed, preventing operational downtime.

Absolute Privacy (Anti-Tracking)

The sender of the email will not know that you opened or clicked the link. All engagement metrics based on your click are neutralized, ensuring the privacy of your action.

Preventive Security

Allows you to visually inspect where the link is pointing before accessing it in the browser, preventing targeted Phishing attacks (Spear Phishing).

Access Link Extractor