Skip to main content

URL Defense Brings a New Layer of Email Safety Starting Oct. 28

Email safety will get a bump up this October with a wider rollout of URL Defense

As phishing attacks continue to target our community and become even more sophisticated, we have an urgent need for strong email security. To better protect our Stanford community and information, University IT (UIT) is increasing our email safety with Proofpoint URL Defense. URL Defense is a powerful security tool designed to help protect you from malicious links in emails.

What's changing?

Starting Oct. 28, URL Defense will be enabled for all Stanford faculty, student, and staff email accounts by default. However, accounts currently forwarding Stanford email to external addresses will be an exception for this rollout, and account holders will have the ability to opt out if desired. 

This update will be applied in the background, with no interruptions to email users. Once URL Defense is activated, you might notice that when you hover over a link in your email, the link will now start with “https://urldefense.com/…” This additional detail at the start of the URL indicates the link has been made safer with URL Defense.

URL Defense rewritten link beginning
Example of start to URL when hovering to inspect, after rewritten by URL Defense

URL Defense has been available for opt-in since July 2024, but now is being more widely rolled out.

But wait, how does URL Defense protect my email?

URL Defense acts as a security checkpoint for every link in your emails.

Here’s how it works:

  • When you click a link, URL Defense instantly checks to see if the destination is a known malicious website.
  • If the link is safe, you will be taken to the website as usual.
  • If the link is dangerous, it will be blocked, and you will see a warning page instead.

By checking links before they open, this feature prevents you from accidentally visiting harmful websites that could be used to steal your passwords, personal data, or financial information. Learn more with our URL Defense FAQs.

What do I need to do?

No action is needed. This protection will be automatically enabled for you on Oct. 28. You can continue to use your email as you always have, but with an added layer of security working in the background.

What if I’m forwarding my Stanford email to an external address?

If your @stanford.edu email is automatically forwarded to an external address (like Gmail or Yahoo), URL Defense will not be enabled on your account for this rollout. This is to avoid potential delivery issues with your external email provider.

However, please be aware that your forwarded emails will not have added protection of URL Defense, so we encourage you to be extra vigilant about phishing attempts.

Why is this happening now?

This update is part of our ongoing commitment to maintaining a secure digital environment for everyone at Stanford. And with October being Cybersecurity Awareness Month, it's the perfect time to strengthen our collective defenses against online threats.

If you have any questions, please contact the Information Security Office (ISO) for assistance.

Learn more

Share Feedback

DISCLAIMER: UIT News is accurate on the publication date. We do not update information in past news items. We do make every effort to keep our service information pages up-to-date. Please search our service pages at uit.stanford.edu/search.