Skip to main content
S
Serzhan
New Member
May 13, 2026
Question

Fortimail 8.0 not working final url

  • May 13, 2026
  • 3 replies
  • 58 views

Hello,

 

I have a question regarding the “final URL inspection” improvements mentioned in recent FortiMail updates.

 

According to the release information/documentation, FortiMail should now be able to:

 

* resolve redirects,

* analyze the final destination URL,

* inspect the final URL behind redirect services.

 

However, during my testing this behavior does not appear to work during SMTP/antispam inspection.

 

Test scenario:

 

* The email contains a redirect URL (Google redirect / notifications.googleapis.com).

* The final destination URL is already categorized as phishing/malicious.

* FortiMail rewrites the URL for URL Click Protection, but the email itself is still delivered.

* In message logs and antispam logs I only see the original redirect URL. There is no information about the resolved/final URL.

* URL Click Protection blocks the link only at click time, not during message inspection.

 

Questions:

 

1. Is “final URL inspection” only implemented for URL Click Protection at click time?

2. Is there any feature/configuration required to enable SMTP pre-delivery final URL enforcement?

3. Should FortiMail display the resolved final URL in antispam or scan logs?

4. Does this functionality work only for specific redirect providers?

 

Currently it looks like FortiMail detects and rewrites the redirect URL, but does not use the resolved final destination during antispam policy evaluation

.

 

FortiMail version: 8.0

3 replies

AEK
SuperUser
AEK
SuperUser
May 13, 2026

Hello Serzhan

As per my knowledge of FortiMail this feature is part of Click Protection where the link (with its redirections) is evaluated on user click.

AEK
Anthony_E
Staff
Anthony_E
Staff
May 13, 2026

Hi,

 

Here soeme answers I hope qwill help:

1. Is “final URL inspection” only implemented for URL click protection at click time?

The context does not explicitly mention "final URL inspection" as a feature. However, URL Click Protection is a feature that involves scanning URLs when they are clicked, using FortiGuard and FortiSandbox services to determine if they are safe. This suggests that URL inspection primarily occurs at the time of the click.

2. Is there any feature/configuration required to enable SMTP pre-delivery final URL enforcement?

The context does not provide specific information about SMTP pre-delivery final URL enforcement. It primarily discusses URL Click Protection, which is configured under the FortiGuard settings for URL protection and involves actions taken when URLs are clicked.

3. Should FortiMail display the resolved final URL in antispam or scan logs?

The context does not specify whether FortiMail displays the resolved final URL in antispam or scan logs. It does mention that FortiMail can rewrite URLs for click protection, but it does not detail how these URLs are logged or displayed.

4. Does this functionality work only for specific redirect providers?

The context does not mention any limitations regarding specific redirect providers for URL Click Protection. It generally describes the process of rewriting and scanning URLs without specifying particular providers.

 

Anthony

Best Regards
S
SerzhanAuthor
New Member
May 14, 2026

I see, thank you all for explaining!

Terms & ConditionsAccessibility statement