Recent phishing attacks targeting our Stanford community highlight our urgent need for increased email security. Online attacks are getting more and more sophisticated, with cyber criminals using artificial intelligence and other technology advancements.
What’s at stake? Financial loss, data breaches, and credibility compromise—just to name a few.
To help protect our community and data, we are strengthening our implementation of Proofpoint URL Defense this October (which is also Cybersecurity Awareness Month).
Starting Oct. 28, University IT (UIT) will turn on URL Defense for faculty, student, and staff email accounts by default.* URL Defense provides a protection gateway that scans URLs in emails and blocks malicious links before your browser displays them. This prevents users from inadvertently clicking on malicious content that could lead to account compromise or data breaches. (URL Defense has been available at Stanford as an opt-in service since July 2024.)
*Accounts currently forwarding Stanford email to external addresses will be an exception for this implementation.
Through this step of proactively blocking harmful links, we can better protect individual users and minimize institutional risk. This aligns with our commitment to maintaining a secure environment for all Stanford faculty, students, and staff.
Timing: What to expect
The timing for this implementation has been carefully selected to avoid conflicts with course enrollment and grading schedules, as well as the fiscal year-end change freeze dates.
- Pre-Rollout: Preparation for accounts currently forwarding email and documentation updates.
- The University Information Security Office (ISO) and Enterprise Technology (ET) teams will identify users currently forwarding their Stanford email to external addresses through a query and place these users in a designated workgroup to opt them out of URL Defense to prevent delivery issues with external providers like Gmail and Yahoo.
- Leading up to the rollout, documentation and FAQs will be updated to ensure everyone has access to the necessary information.
- Oct. 28, 2025: Implementation.
- URL Defense will be enabled for all Stanford University email accounts, including School of Medicine email accounts.
- Post-Rollout: URL Defense will be enabled by default for all existing and future accounts, while still giving end users the choice to opt out if desired.
- Updated email management guidance in the Stanford Accounts site will let users know how to opt out of URL Defense when setting up email forwarding, and remind them to opt back in when forwarding is stopped.
ISO and ET will provide continued assistance and support documentation addressing common user concerns, throughout these phases. For questions, please contact ISO.
Preparing for support
As IT professionals at Stanford, you will play a crucial role in answering questions and supporting users during this transition. Understanding the mechanics and benefits of URL Defense will equip you to provide informed assistance and address common concerns from those you support—including sharing the risks of not having URL Defense active on an email account.
Together, we can reinforce our defenses against phishing attacks and foster a safer email environment for everyone.
