Has anyone ever had the URL Rewriting actually block something nefarious?
I've been using the URL Rewriting feature ever since it was introduced, but I'm to the point where I'm thinking it does more harm than good. I've tested it many times on bad e-mails that have gotten through, and it has always sent me right through to the phishing site or the malicious download. The only time it actually seems to make any difference is when the server is down, and the link doesn't work at all (which is bad when it's a legitimate e-mail and link).
When it was first introduced, I opened a support case about it not working on a particular bad site, but by the time they looked at it the site had been taken down. I haven't bothered reporting since.
Why do I think it might be doing more harm than good? If you want to train users to look carefully at URLs before clicking, they can't have been rewritten to point to Sonicwall. Also, if they click on a rewritten URL and it works, they may (and rightfully, should be able to) assume it's OK.