Unexpected approval email behaviour

Unexpected Auto Approval of Invoices/POs through email

We have reports of invoices and purchase orders being auto-approved as soon as the approval email is sent out to users. The user then cannot click the link, because the action has already been done and the link has therefore expired. To fix this, please find the relevant information below for the specific software causing the issue.

 

General Fixes

First please ensure that the following domains are allowed to bypass the spam filter by marking them as safe senders. This should sort almost all issues to begin with. You can do this on MessageLabs, Barracuda, and Office365 so ensure this is done first before following the specific instructions below.

https://myzahara.net

https://www.zaharasoftware.com

 

Office 365/Outlook Online – For Single users

  1. Click on the Gear icon in the top right corner (to the left of your own profile image).
  2. Open the Options page:
     • Outlook on the Web (OWA) for Office 365: My app settings-> Mail
     • Outlook.com: Options
  3. In the Options Navigation Pane on the left choose:
     Mail-> Layout-> Link preview
  4. Uncheck the checkbox in front of: Preview links in email.
  5. Press the Save button at the tab.
  6. Press the Back button or Options header at the top of the Navigation Pane to return to your Mailbox.

 

Office 365/Outlook Online – Disable for all users (Admin required)

If you are an Office 365 administrator and want to disable the Link Preview feature for all the users in your tenant, you can do so via the following PowerShell command.

  1. Connect to your Office 365 Exchange Online tenant using PowerShell with an administrator account.
  2. After logging on, execute the following command:
    Set-OrganizationConfig -LinkPreviewEnabled $false

This will completely disable the feature for all your users and they won’t be able to enable it themselves anymore either.
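
The two steps above as one session, with the setting read back afterwards to confirm it applied. This is an added example, not a script supplied by Zahara; it assumes the ExchangeOnlineManagement module is installed, and the admin address is a placeholder.

```powershell
# Added example: disable Link Preview tenant-wide and verify the result.
# Assumption: the ExchangeOnlineManagement module is already installed.
$AdminUpn = 'admin@example.com'   # placeholder, replace with your admin account

Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName $AdminUpn

try {
    # Record the current tenant-wide value before changing anything,
    # so the change can be reverted if needed.
    $before = (Get-OrganizationConfig).LinkPreviewEnabled
    Write-Host "LinkPreviewEnabled before change: $before"

    # Only write the setting if it is not already disabled.
    if ($before) {
        Set-OrganizationConfig -LinkPreviewEnabled $false
    }

    # Read the value back to confirm the tenant now reports it as disabled.
    $after = (Get-OrganizationConfig).LinkPreviewEnabled
    if ($after) {
        throw "LinkPreviewEnabled is still True; the change was not applied."
    }
    Write-Host "Link preview is disabled for the tenant."
}
finally {
    # Always close the remote session, even if a step above failed.
    Disconnect-ExchangeOnline -Confirm:$false
}
```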

Barracuda

At issue is a part of the Barracuda email filter called the intent filter. There are 3 different modules to this filter.

  • Intent analysis – Markers of intent, such as URLs, are extracted and compared against a database maintained by Barracuda Central.
  • Real-Time Intent Analysis – For new domain names that may come into use, Real-Time Intent Analysis involves performing DNS lookups against known URL blocklists.
  • Multilevel intent analysis – Use of free websites to redirect to known spammer websites is a growing practice used by spammers to hide or obfuscate their identity from mail scanning techniques such as Intent Analysis. Multilevel Intent Analysis involves inspecting the results of Web queries to URLs of well-known free websites for redirections to known spammer sites.

According to Barracuda support it is the multilevel intent analysis module responsible for clicks on links. From the behaviour descriptions we’ve seen from different people, it appears at least some ESP click tracking domains are included in the “redirectors” category.

This will need to be disabled to resolve the issue.

 

MessageLabs

The Click-time URL Protection service is available to organizations that use Email Threat Detection and Response. The Click-time URL Protection service “rewrites” and performs checks on certain URLs in emails that are delivered to your organization’s end users. The process of rewriting allows the service to manage access to the URL to ensure the destination is innocuous.

This will need to be disabled to resolve the issue.

The Click-time URL Protection settings page is located in the portal at Email Threat Detection and Response > Click-time URL Protection Settings.

The Click-time URL Protection incidents are viewable on the Email Threat Detection and Response > Click-time URL Protection Incidents page of the portal.

Click-time URL Protection also uses a system-level operations whitelist, which excludes commonly trusted domains from click-time rewriting or processing. You can create your own organization whitelist in the portal by adding your trusted domains to be excluded from click-time protection.

 Further information can be found here

Marketo

We are aware that this happens with the Marketo package but there is no released fix as of yet.

Best thing to do is call them and find out how to get it disabled.

 

Hopefully this helps with the issues you are having. If not, please log a ticket by emailing the following:

help@myzahara.net

 

We can then investigate it further for you.

written by Kyle Milsom – systems specialist @ Zahara.


