A security risk has been discovered on the SAM functionality, whereby malicious actors were using the SAM redirection link to point users to fraudulent sites, hidden behind a valid-looking url. This security risk only applies to customers using the "redirectTo" URL parameter in the email campaign link.
...
For example, to authorize redirections to https://mydomainsecutix.com, the list must include mydomainsecutix.com. Subdomains, such as a subdomain.mydomainsecutix.com will also be authorized.
Please notice this list is exported in the catalog and as such is only applied once the web shop has resynchronized, which can take a few minutes.