Time-of-Click Protection – with the URL Safeguard in NoSpamProxy

Stefan Feist | Technischer Redakteur
Author: Stefan FeistTechnical WriterConnect on LinkedIn

One of the most dangerous tactics used in cyberattacks is to send initially harmless links in emails that only lead to phishing sites or malware after they have been received. Traditional spam filters and virus scanners quickly reach their limits here, as they only check emails once when they are received. But what happens if the link later becomes dangerous? This is exactly where Time-of-Click Protection (ToC Protection) comes in. This modern security technology protects users not only when they receive the email, but at the exact moment they click on the link, regardless of when the email was delivered. Time-of-Click Protection thus offers dynamic, intelligent protection against threats that did not exist at the time of receipt. In this article, we show how Time-of-Click Protection works, why it is indispensable for companies, and how it is integrated into URL Safeguard in NoSpamProxy.

06.08.2025|Last edited:28.08.2025

What is time-of-click protection?

Time-of-click protection (also known as click-time protection or real-time link protection) is a security feature specifically designed to detect and block threats in emails that occur later or are delayed, at the exact moment a user clicks on a link. In some contexts, this approach is also referred to as post-delivery protection.

In many cases, criminals send emails with links that are harmless or lead to genuine, harmless websites. Only after the message has been sent is the linked page manipulated and converted into a phishing page or a page with embedded malware, for example.

Traditional email security software only checks such links when the message is received. If the page is changed later, the recipient falls into the trap when they click on the link at a later point in time.

The solution is to recheck links in emails every time they are clicked – i.e., dynamically. Time-of-Click Protection therefore checks not just once, but repeatedly and can thus always apply the latest knowledge about threats to its analysis. This makes it particularly effective against attacks that would otherwise slip through traditional filters unnoticed.

How does Time-of-Click Protection work?

Time-of-Click Protection is a multiple-level system.

  • 1. Reception

    The respective email is delivered and analyzed.

  • 2. URL Rewriting

    URL Safeguard rewrites links in emails and can optionally rewrite links in text-based attachments. In the case of NoSpamProxy, these links point to the web portal.

  • 3. Link analysis

    32Guards is contacted and the rating for the link’s destination is queried – every time the link is clicked. This clarifies the following questions:

    • Are there any current threats on this domain?
    • Is the site known for phishing, malware, or fraudulent behavior?
    • Does the site contain suspicious redirects, forms, or exploits?
    • Has the target page changed since the original email?

    • 4. Assessment

      The URL Safeguard in NoSpamProxy evaluates the links.

      • If the link is classified as safe, access to the original URL is allowed and executed.
      • If the link is classified as dangerous, access is blocked. A message about the incident is added to the message tracking. Depending on the configuration, the administrator also receives a notification.

    URL-Safeguard-Protected-Links

    Email with links rewritten (protected) by URL Safeguard. The host names of the link targets are displayed directly.

    What are the advantages of time-of-click protection?

    Time-of-click protection is indispensable today because modern threats are constantly changing, even after the email has been received. As a result, time-of-click protection not only provides technical added value, but also protects employees’ daily work and significantly reduces the risk for companies.

    The focus on threats that can arise after the email has been received makes it an important addition to existing security measures such as antivirus programs and firewalls.

    It also minimizes the possibility of damage caused by human error, such as accidentally clicking on a link to a fake login page.

    Not yet using NoSpamProxy?

    With NoSpamProxy, you can reliably protect your company from emails containing dangerous links and benefit from many other security features. Request your free trial now!

    Get your free NoSpamProxy trial now!
    it-sa 2025 – Get your free ticket now!it-sa 2022 PreviewSandbox erklärt: Warum sie in der modernen Email Security unverzichtbar ist PreviewSandbox explained: Why it is indispensable in modern email security