NEW V3.11 To enhance the security of SAM and prevent malicious actors from using SAM redirection links to point users to fraudulent sites hidden behind a valid-looking URL, we have put in place additional restrictions for customers who redirect their customers to a URL other than their SecuTix internet point-of-sale. All external URLs used in redirections must now be whitelisted in the system prior to sending the campaign.

How to get started

To address this risk, the SAM functionality will now only allow redirections to trusted sites that are whitelisted in the backend point of sales configuration. This list can be found on the Gravity tab, as shown on the right. Note that this security risk only applies to customers using the redirectTo parameter in the email campaign to redirect customers to a website other than the ticketshop.

The list consists of a single domain per line. To allow a SAM redirection to an external site (different from the point of sales), the domain of the site must appear in this list. Access is also authorized for subdomains of those listed here.

If left empty, redirections will only be allowed to the domain of this point of sale (including subdomains).

For example, to authorize redirections to https://secutix.com, the list must include secutix.com. Any subdomains of a whitelisted URL, such as subdomain.secutix.com, will also be authorized.
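The matching rule described above, sketched as an added example that is not SecuTix's own implementation. The function names, the `shop.example.org` point-of-sale domain, the http/https-only restriction and the rejection of backslashes and control characters are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample values: the allowlist text as typed in the back office
# (one domain per line) and a hypothetical point-of-sale domain.
SAMPLE_ALLOWLIST = "secutix.com\n"
SAMPLE_POS_DOMAIN = "shop.example.org"


def parse_allowlist(text):
    """Split the configured list into normalized domains, one per line."""
    return [ln.strip().lower().rstrip(".") for ln in text.splitlines() if ln.strip()]


def is_redirect_allowed(url, allowlist_text, pos_domain):
    """True if the URL's host is an allowed domain or a subdomain of one."""
    # Assumption: reject backslashes, spaces and control characters, which
    # URL parsers and browsers do not interpret consistently.
    if any(c == "\\" or ord(c) <= 0x20 for c in url):
        return False
    try:
        parts = urlsplit(url)
    except ValueError:
        return False
    # Assumption: only web links are valid redirection targets.
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    # .hostname drops any "user@" prefix and ":port" suffix and is lowercased.
    host = parts.hostname.rstrip(".")
    # The point-of-sale domain is always permitted; with an empty list it is
    # the only permitted domain.
    allowed = parse_allowlist(allowlist_text) + [pos_domain.lower().rstrip(".")]
    # Compare on a label boundary: "evilsecutix.com" must not match "secutix.com".
    return any(host == d or host.endswith("." + d) for d in allowed)
```

The comparison is made on the parsed hostname, never on the raw URL string, so a listed domain appearing in the path, query or userinfo part does not authorize the redirection.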
