Our default setting is to only rewrite links that have an active href or link associated with them. This means that we will not rewrite just domain names or urls without them going to an active link. We also do not rewrite links in messages that are encoded with
Content-Type: text/plain;
The reason is that these links are not clickable by default and end users will need to manually select them before clicking on the links. One drawback that we have seen is that there are some email clients that translate these plain text links into clickable urls and it could possibly leave a user exposed.
To rewrite all links in emails, including plain text links you will need to login to your Phish Protection portal and under the company settings select the checkbox to rewrite plain links.