To increase email security at Stanford, University IT (UIT) is now providing opt-in access to URL Defense by Proofpoint for all Stanford email accounts (@stanford.edu).
When active, URL Defense rewrites links in emails, redirecting them through a secure scan for analysis and blocking access to any malicious sites. If the link is not flagged as dangerous, the link continues to route to the original destination.
This process is so quick and unobtrusive that users likely won’t even notice it, unless they click on a link to a malicious site and are blocked from accessing the site.
How to opt in
Opt-in/opt-out selections can be managed at manageurldefense.stanford.edu. You will notice two options: "Opt in" and "Opt out." Click "Opt in" to activate this service.
You must opt in to use URL Defense. (Everyone is opted out by default.)
URL Defense has been piloted successfully by individuals and groups across Stanford for the past year. As part of the IT Community, we hope you try it out yourself and encourage your colleagues to opt in as well.
What will change in the email user experience?
Overall, nothing should look very different in your typical email experience once URL Defense is active. However, if you look carefully, you might notice a rewritten URL when hovering over the URL in an email. You’ll know a URL has been rewritten if it begins with: https://urldefense.com/…
Other than that small detail, your email experience will be the same unless you click on a link that could be part of a phishing attack.
If the website is considered unsafe or malicious, you’ll see a page saying "Web Site Has Been Blocked!" and the browser will block access to the site.
What does URL Defense NOT do?
While URL Defense offers many protective features, there are a few important things it does not do:
- The tool will not cause your emails to be blocked or delayed from going out or coming in. Only the links in your incoming emails will have this safety feature applied, once you opt in.
- This feature will not analyze or block links to websites with the stanford.edu domain, as these sites would not be considered malicious.
- URL Defense is not compatible with email forwarding. If you have been forwarding emails from your Stanford inbox to another email inbox (such as Google or Yahoo), the emails could be blocked from the recipient inbox once URL Defense is made active. This happens, because email providers often block emails if links appear to be altered.
- URL Defense does not completely eliminate the dangers of phishing scams. Even with this URL Defense tool active, you still need to be vigilant about identifying and reporting phishing emails, as attackers continue to become more sophisticated and look for vulnerabilities to exploit.
Learn more
- For assistance, submit a Help request to the Information Security Office.
- For more details, view the URL Defense service page and URL Defense FAQs.
- Learn more about how to stay safe from phishing scams at phishing.stanford.edu.
