Introduction
Spearphishing emails with dangerous links are legitimate concerns for many organizations including Compliance and its customers. Many IT departments deploy URL rewriting software to identify and "quarantine" potentially dangerous URLs, but sometimes the rules behind these security suites are overly aggressive and break otherwise safe and important URLs such as those required for password reset flows.
Compliance Password Reset and URL Rewriting
If the links included in Compliance's password reset emails are modified in any way, it can cause the user to be stuck in a "loop" where they are unable to successfully complete the reset process.
When conducting a password reset, the URL included in the email should be in the following format:
https://api.threatswitch.com/v1/auth/password/edit.[ID]?reset_password_token=[token]&config=default
Any deviation from the password reset format will cause a password loop. Companies using email security tools that adjust links will need to whitelist Compliance.
Outlook ATP Safelinks
If using Outlook ATP Safelinks, policies need to be updated in order for links to come through without modification. If password reset emails are being modified by Safelinks, the URL string will be preceded by: https://nam04.safelinks.protection.outlook.com/?
IT Teams will need to add a whitelist policy to their ATP Safelinks for the domain: threatswitch.com. Please see the relevant 365 support article for more information.
Note: Threatswitch was the previous name of the platform and is still being used in certain areas, including email domains.
It is recommended to use a generic wildcard format around threatswitch.com to ensure that all ThreatSwitch links function.
Mimecast URL Protect
Mimecast's URL Protect rewrites certain URLs, which can send users into a password reset loop. A Mimecast URL Protect policy needs to be added whitelisting Threatswitch.
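The documented reset URL format above and the Safelinks wrapper prefix quoted in the Outlook ATP section are enough to triage a link pulled from a reset email before a user clicks it. The following is an added example, not code from Compliance or the ThreatSwitch platform: it classifies a link as matching the documented format, as rewritten by a URL-rewriting product, or as malformed, and recovers the original URL from a Safelinks wrapper via its `url` query parameter (a real Safelinks parameter; the `mimecast.com` host suffix used for classification is an assumption, and the sample links are constructed).

```python
from urllib.parse import urlsplit, parse_qs

# Values taken from the documented reset URL format.
EXPECTED_HOST = "api.threatswitch.com"
EXPECTED_PATH_PREFIX = "/v1/auth/password/edit"

# Hosts used by URL-rewriting products. The Safelinks host is quoted in the
# article; the mimecast.com suffix is an assumption used only for classification.
REWRITER_HOST_SUFFIXES = ("safelinks.protection.outlook.com", "mimecast.com")


def _host_matches(host, suffix):
    return host == suffix or host.endswith("." + suffix)


def classify_reset_link(url):
    """Return (status, detail) for a link found in a password reset email.

    status is one of:
      "ok"        - matches the documented reset URL format
      "rewritten" - wrapped by a URL-rewriting product (the reset will loop)
      "malformed" - does not match the documented format
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if any(_host_matches(host, s) for s in REWRITER_HOST_SUFFIXES):
        return "rewritten", host
    if parts.scheme != "https" or host != EXPECTED_HOST:
        return "malformed", "unexpected scheme or host"
    if not parts.path.startswith(EXPECTED_PATH_PREFIX):
        return "malformed", "unexpected path"
    query = parse_qs(parts.query)
    if not query.get("reset_password_token") or query.get("config") != ["default"]:
        return "malformed", "missing reset_password_token or config=default"
    return "ok", host


def unwrap_safelinks(url):
    """Recover the original URL from a Safelinks wrapper.

    Safelinks carries the original, percent-encoded link in its 'url' query
    parameter; parse_qs decodes it. Returns None for anything that is not a
    Safelinks wrapper or has no 'url' parameter.
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if not _host_matches(host, "safelinks.protection.outlook.com"):
        return None
    inner = parse_qs(parts.query).get("url")
    return inner[0] if inner else None


def triage(links):
    """Classify each link and, for Safelinks wrappers, also classify the unwrapped
    link so a help desk can see whether only the rewriting is at fault."""
    report = []
    for link in links:
        status, detail = classify_reset_link(link)
        inner = unwrap_safelinks(link) if status == "rewritten" else None
        inner_status = classify_reset_link(inner)[0] if inner else None
        report.append({"link": link, "status": status, "detail": detail,
                       "unwrapped": inner, "unwrapped_status": inner_status})
    return report


if __name__ == "__main__":
    # Constructed sample links (the token value is a placeholder).
    samples = [
        "https://api.threatswitch.com/v1/auth/password/edit.123"
        "?reset_password_token=EXAMPLE_TOKEN&config=default",
        "https://nam04.safelinks.protection.outlook.com/?url="
        "https%3A%2F%2Fapi.threatswitch.com%2Fv1%2Fauth%2Fpassword%2Fedit.123"
        "%3Freset_password_token%3DEXAMPLE_TOKEN%26config%3Ddefault"
        "&data=PLACEHOLDER&reserved=0",
        "https://api.threatswitch.com/v1/auth/password/edit.123"
        "?reset_password_token=EXAMPLE_TOKEN",
    ]
    for row in triage(samples):
        print(row["status"], row["detail"], row["unwrapped_status"])
```

A "rewritten" result whose unwrapped link classifies as "ok" points squarely at the Safelinks or URL Protect policy rather than at the reset email itself; Mimecast rewrites cannot be unwrapped offline because the rewritten path is an opaque token, so those show up as "rewritten" with no unwrapped link.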
General Troubleshooting
If you have encountered a password reset loop and have remedied it but are still having issues, or are generally having difficulty with password resets, read below.
Password reset security considerations to know:
Password reset URLs contained in Compliance's password reset emails expire after 1 hour.
Password reset URLs are "one time use". If a URL was used previously, even in an unsuccessful password reset attempt, the user will need to initiate another password reset flow from the password reset page.
Cookies must be enabled for the threatswitch.com domain otherwise the password confirmation process cannot proceed and will result in an error message.
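The two token properties listed above, a 1 hour lifetime and one-time use that is consumed even by a failed attempt, are what make a reset link safe to send by email. The following is an added model of how a server can enforce both, not code from the Compliance platform; the store layout, the injectable clock and the use of a SHA-256 digest as the lookup key are design choices assumed here for illustration.

```python
import hashlib
import secrets
import time

# From the article: reset URLs expire after 1 hour.
TOKEN_TTL_SECONDS = 3600


class ResetTokenStore:
    """Time-limited, single-use reset tokens.

    Only a SHA-256 digest of each token is kept, so a copy of the store cannot
    be used to forge a valid reset link. The clock is injectable so expiry can
    be exercised without waiting an hour.
    """

    def __init__(self, clock=time.time):
        self._clock = clock
        self._tokens = {}  # sha256(token) -> (user_id, issued_at)

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, user_id):
        """Create a fresh token for user_id and return it for embedding in the
        reset URL. Issuing a new token does not revoke earlier ones; a real
        system would usually revoke them here."""
        token = secrets.token_urlsafe(32)
        self._tokens[self._digest(token)] = (user_id, self._clock())
        return token

    def consume(self, token):
        """Validate and invalidate a token in one step.

        Returns (user_id, None) on success or (None, reason) on failure. The
        token is removed before the expiry check, so any attempt, successful
        or not, burns it, matching the one-time-use rule in the article.
        """
        entry = self._tokens.pop(self._digest(token), None)
        if entry is None:
            return None, "unknown or already used"
        user_id, issued_at = entry
        if self._clock() - issued_at > TOKEN_TTL_SECONDS:
            return None, "expired"
        return user_id, None


def build_reset_url(user_id, token):
    """Assemble a link in the documented format; [ID] is assumed to be the
    user's identifier, which the article does not spell out."""
    return (f"https://api.threatswitch.com/v1/auth/password/edit.{user_id}"
            f"?reset_password_token={token}&config=default")


if __name__ == "__main__":
    now = [1_700_000_000.0]  # constructed clock value
    store = ResetTokenStore(clock=lambda: now[0])
    token = store.issue("123")
    print(build_reset_url("123", token))
    print(store.consume(token))   # ('123', None)
    print(store.consume(token))   # (None, 'unknown or already used')
    later = store.issue("123")
    now[0] += TOKEN_TTL_SECONDS + 1
    print(store.consume(later))   # (None, 'expired')
```

Because `consume` pops the entry before checking the clock, a user who opens the link after it has expired, or whose first attempt fails on the cookie requirement above, must request a new reset rather than retry the same URL, which is exactly the behaviour the troubleshooting list describes.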