On October 13, 2021, Information Services began to utilize Microsoft's Safe Links service to enhance the security of BlueM@il, DePaul’s email service. DePaul email users may notice a new URL format in messages containing links.
When hovering over links, you might see this long address format:
This URL format is part of a filtering service from Microsoft which checks whether links in your DePaul email messages are connected to phishing scams, malware, or viruses that may harm your computer or compromise your personal information.
(This documentation comes directly from this Microsoft page.)
Safe Links scans incoming email for known malicious hyperlinks. Scanned URLs are rewritten using the Microsoft standard URL prefix: https://nam01.safelinks.protection.outlook.com. After the link is rewritten, it's analyzed for potentially malicious content.
After Safe Links rewrites a URL, the URL remains rewritten even if the message is manually forwarded or replied to (both to internal and external recipients). Additional links that are added to the forwarded or replied-to message are not rewritten. However, in the case of automatic forwarding by Inbox rules or SMTP forwarding, the URL will not be rewritten in the message that's intended for the final recipient unless that recipient is also protected by Safe Links or the URL had already been rewritten in a previous communication. Rewritten URLs apply only to HTML email, as rewriting the URL would make rich and plain text URLs unreadable, but these URLs are still scanned prior to delivery. Rich text and plain text emails containing URLs will also still be checked at the time of click in Outlook for Desktop version 16.0.12513 or later.
At a high level, here's how Safe Links protection works on URLs in email messages:
If you have any questions, please contact the DePaul Help Desk.