We would like to be able to investigate (see the details) emails that have had their URLs rewritten so that we can determine if further actions are required such as blocking the website, see if they have been clicked by users, if they are deemed as malicious, what type of malware or threat is associated with the link. At this time we are unable to determine what the original link was in the sophos email appliance. We would like to see the same capabilities Proofpoint provides around this available for the email appliance.