A couple of users got spammed with a short email; just two lines and a link.
One of them opened it "without thinking" (his words:) and immediately closed it before actually processing (with his brain) what came up in the browser.
He let us know about this. Not about to open the link in a browser, I grabbed it with wget. 404.
"Weird," I think. "It's less than 20 hours old, I doubt they've taken it down this soon..."
Try wget again, but this time have it send a user agent string that looks like Chrome...
Boom - 30X redirect chain through half a dozen different sites, finally landing on a rotating page with obvious junk that, had it been in the email, or, I assume, reachable by the Barracuda for analysis, would have caused the email to get blocked.
Switched back and forth a bit between using wget with no user agent specified and with the Chrome-looking one, on the various redirect urls, and each time, the wget UA got either a 404 or 403, but the Chrome-looking one got a redirect to the end site and page.
Now, I'm assuming from stuff I've read in the distant past, and from the Multi-Level Intent feature's description that the Barracuda will follow links to look at content of the pages linked in an email, and make decisions based on that content. Anyone know if this is actually the case for all/most possible links? The feature description only calls out "...well known free websites for redirection" so maybe this link didn't fall into that category?