Skip to content Skip to site navigation Skip to service navigation

URL Defense FAQs

PLEASE NOTE: While ProofPoint’s URL Defense mitigates the threat of malicious links in email, it doesn’t guarantee that every link contained in the incoming, external email to @stanford.edu is safe to click. Please continue to exercise caution when inspecting URLs embedded in email.

Q: What will I see if a link is blocked?
A: The blocked page will look similar to this:
Q: How do I know if a URL is rewritten?
A: HTML emails with links will look unchanged so you can hover over the link and will see some thing similar to:
  • https://urldefense.com/v3/__http://www.google.com__;!!POPwgc47LqelFC4T6Q!PQnirYRJMr3228KhKFTmrcNHBBYLaHjr1HZZ77L
Q: What if you receive plain-text e-mails?
A: When URL Defense detects a hyperlink in a plain-text e-mail (non-HTML), it will rewrite the URL in plain text. In this case, you will see the rewritten URL directly in the body of the e-mail. E-mails with HTML or rich text are most common, so Plain-Text rewrites will occur infrequently.
Q: What if you forward an e-mail with a rewritten link?
A: Once URL Defense has rewritten a URL, if the message is forwarded or replied to, the URL will remain rewritten. Additional links added to the message being replied to or forwarded will not be rewritten.
Q: What if a link was wrongly blocked and you actually need access?
A: If a link is blocked, you can request the link be reviewed and the block removed if the website is not malicious. Please submit a ticket to the Information Security Office with the with the link in your email.
Q: Is there an exception process for some URLs to not be rewritten?
A: At this time there are no exceptions for URL re-writing, in order to protect University assets and create a secure email environment all URLs will be rewritten. Currently, domains that end in stanford.edu or zoom.us will not be rewritten.
Q: How long will the links work for?
A: The links will work indefinately even if the University switches away from Proofpoint.
Q: Does Proofpoint track or log activity?
A: Proofpoint will log when someone clicks a link. That is the extent of logging. This information is accessible by the Information Security Office to identify any account clicked on with a malicious link that previously was not considered malicious. At this point, the security office can follow up with that individual to ensure their credentials are not compromised.
Q: Are links in attachments rewritten?
A: Links in attachments and encrypted messages will not be rewritten.
Q: Will URL Defense protect a URL that is safe at one-time but becomes compromised later?
A: Yes. Each time a URL is clicked the status of that URL is verified before the redirect is allowed.
Q: Will URL Defense delay my emails?
A: No. Protected URLs are checked in real-time to determine the latest status.
Q: What should I do if I clicked on link and the page is blocked?
A: If a page is blocked you do not need to take any further action. It is also not neccessary to report this unless you feel the page is blocked in error.
Last modified March 12, 2024