When an email has a URL that has already been rewritten by Hosted Email Security's Time-of-Click Protection passes through a third-party service that has similar capability, it is possible that the URL may be rewritten again by the third-party, appending their own service's domain.
If that email is sent back either through a reply or forward, Hosted Email Security may once again rewrite the URL. And this process may go on while the email is being passed between the two parties.
At some point, the URL may become too long and may not work anymore.
The following is an example of such URL passed between Hosted Email Security's Time-of-Click protection and Microsoft SafeLinks.
Click image to enlarge