Topics Map > Features and Functionality

Email Security: URL Defense

This document provides an overview of the Email Security feature referred to as URL Defense and is also known as URL re-write or URL wrapping.

Important: URL Defense will be generally available to campus on February 5th, 2024.

Our secure email gateway evaluates URLs embedded in email messages that are received from external senders. If the URL is known to be suspicious or malicious at the time the email is received it will be assigned a high spam score. Sometimes malicious messages evade detection at the gateway because intelligence about a URL is not known at the time the message is received or the URL becomes malicious post delivery. 

With the Enhanced Email Security project we have the opportunity to add new features to our email defenses including URL protection to help prevent people from inadvertently following malicious links in emails delivered to their inboxes. URL Defense, known as URL re-writing, modifies the URLs in incoming messages and URLs found in text and HTML attachments. When the recipient clicks on the link in the email, the URL modification redirects the recipient to an intermediate Proofpoint engine which evaluates the original link against their database of currently known malicious links. If the link is bad, Proofpoint blocks access to the malicious site. This gives us a second chance to prevent phishing and other targeted email attacks from impacting UW-Madison students and staff. 

Rewritten URLs are only visible when you hover over the links embedded in HTML messages. Links re-written by Proofpoint can be easily identified because they always start with “”. Plain text emails with re-written URLs will be clearly visible within the body of the email. 

What if the site is malicious? If the link is determined to be malicious the recipient will be blocked from accessing the site. They will be redirected to a support page that explains why they have been blocked from accessing the URL. 

What if the site is safe? If the website is known to be safe the recipient will be seamlessly redirected to the original site. 

What if the site is unknown? With URLs that have not established a reputation with Proofpoint, the recipient will be allowed to access the website and Proofpoint will do an analysis of the site to help inform future determinations for that URL.

It is still important that you carefully choose what links you click on but URL Defense offers another layer of protection.

Keywordsmicrosoft ms office365 o365 m365 email rewrite wrapping proofpoint link safe malicious   Doc ID132650
OwnerO365 S.GroupMicrosoft 365
Created2023-11-08 12:00:54Updated2024-03-04 12:54:25
SitesDoIT Help Desk, Microsoft 365
Feedback  0   0