Redirecting a user to a trusted server buys a secure email gateway company some time while it decides whether a URL is malicious — but there are avoidable drawbacks to this approach. Source