Links included in email notifications are http, not https - they redirect to https once I hit the endpoint, but our enterprise link validation doesn't like them, and they get flagged as a false positive for being malicious as a result.