All "link protection" services that are used to rewrite and redirect links to their intended target are garbage.

Security vendors, such as Proofpoint, Microsoft, Sophos, Barracuda, Mimecast, and countless others need to stop. Their services are actively being abused, they're not doing anything about it, and it's just another example of the enshittification happening to email and the Internet.

It doesn't make email more secure. They're nothing more than click-tracking and link obfuscation tools being used by bad actors and unscrupulous tech companies.