Troubleshoot rewritten or pre-clicked invite links

• A user receives an invitation or sign-in email, clicks the button, and sees "invalid or expired link".
• The link appears to have been rewritten by a mail security product before the user opened it.
• This is commonly reported in Microsoft Outlook environments using Safe Links or Defender for Office 365, and can also occur with Proofpoint or Mimecast.

MindBridge invitation and sign-in links are single-use. Some email security systems pre-check links by opening them automatically. If that scan consumes the token first, the intended recipient sees an expired-link message even though the email is genuine.

Please review your mail security policy and preserve links for these domains:

• greyinsights.org
• mindbridge.greyinsights.org

If your platform supports URL allowlisting, use the MindBridge sign-in and invitation routes under these domains so links remain intact for staff users.

• Review Safe Links or Defender for Office 365 policies that rewrite or detonate URLs.
• Confirm whether time-of-click protection, pre-delivery scanning, or link rewriting is affecting MindBridge emails.
• Where allowed by your policy, add the MindBridge domains to the relevant allowlist or "do not rewrite" policy for invitation and sign-in emails.
• After policy changes, send a fresh invitation so the user receives a new single-use link.

• Right-click the "Join now" or "Log in" button in the email.
• Copy the link.
• Paste it directly into the same browser originally used to request the invitation or login.

This often avoids the pre-click issue until an allowlist policy is in place.

We understand some organisations cannot bypass link protection. If that applies to your environment, contact MindBridge support so we can review a safer long-term alternative with you.