Why Outlook Adding “Safelinks.Protection.Outlook.Com” to All URLs in Your Emails and How to Disable it?
Yesterday I noticed a weird thing in my Outlook/Hotmail email account. Suddenly all new emails started having a mysterious and suspicious “https://safelinks.protection.outlook.com/?url=” string at the beginning of all URLs present inside them. I never saw such kind of things in past. All URLs were looking very weird, ugly and suspicious at the same time.
The format of all URLs was as following:
https://4-5_Characters_With_Numbers.safelinks.protection.outlook.com/?url=Original_URL&data=Random_Characters&sdata=Random_Characters&reserved=0
Advertisement
Where 4-5_Characters_With_Numbers were like nam01, nam02, nam03, eur01, eur02, eur03, etc and then .safelinks.protection.outlook.com/?url= string followed by the original URL like facebook.com followed by 3 parameters data, sdata and reserved.
Since the appended string was containing outlook.com inside it, I was able to understand that some new feature of Outlook account is adding it to all URLs.
After a lot of research and contacting Microsoft support, I was able to figure it out.
If you are also getting this weird and suspicious string in all URLs in your emails and want to disable it, this article will help you.
I’m going to divide this article in following parts:
- What is safelinks.protection.outlook.com string added to all URLs?
- Is there any problem caused by this safe links feature?
- Should I disable/deactivate this safe links feature?
- How to disable/deactivate safe links feature?
Let’s start the article:
Table of Contents
What is Safelinks.Protection.Outlook.Com String Added to All URLs?
First understand one thing, you don’t need to worry about it. It’s not a problem or issue in your email client or app. It’s a feature of Outlook.com accounts and Office 365 subscription which has been implemented to provide more security to your email accounts. This feature is available for all Microsoft Accounts such as @outlook.com, @hotmail.com, @live.com and @msn.com.
Advertisement
This feature is called Safe Links and also referred as “Advanced Outlook.com Security“, “Advanced Threat Protection (ATP)“, etc. It’s a part of spam and malware filtering which checks whether any links to web pages in your email messages are phishing scams or are likely to download viruses or malware onto your computer.
For better protection this feature is activated/enabled by default. Due to this safe links feature, links in your email messages look different as mentioned above. In some email messages links might appear longer than usual, and include text strings such as “nam01.safelinks.protection.outlook.com”, etc as mentioned in the beginning of this article. This is done to perform the security checks to protect you from phishing attacks. If Outlook finds an unsafe link, it doesn’t open the link and shows the user a warning message that it has detected an unsafe link.
Is There Any Problem Caused by This Safe Links Feature?
Although this feature is very useful and provides better security, sometimes you may find this feature frustrating. It makes the normal looking URLs weird, longer and ugly. A simple URL like Microsoft.com may become very long and weird due to addition of “https://safelinks.protection.outlook.com/?url=” and many random characters and numbers. It makes understanding and identifying a URL very difficult.
Also sometimes when you click on a URL, it doesn’t open and the web browser throws error message like “This web page could not be loaded. Due to an internal error, this web page could not be loaded. We recommend that you close this page.”.
Should I Disable/Deactivate This Safe Links Feature?
Microsoft doesn’t recommend disabling or deactivating this feature as it prevents you from phishing attempts and malware installations.
Personally I also don’t see any problem with this feature apart from the weird and ugly looking URLs in email messages.
How to Disable/Deactivate Safe Links Feature?
Now that’s the tricky part. This feature is activated and enabled for all email accounts. Some people might get this feature and some not based on the availability of the feature in user’s region, subscription, etc.
Microsoft doesn’t provide any option or setting to turn this safe links feature off as it has been implemented for security purposes.
So how to remove the “https://safelinks.protection.outlook.com/?url=” and other parameters from URLs in our email messages? How can a user disable the feature if he doesn’t want Outlook to change the default URLs?
The answer is contacting Outlook support. One can only deactivate this feature by contacting Microsoft Outlook support. But there is a particular and official procedure to contact Outlook support and ask them to deactivate this feature.
Following steps are the exact steps which will help you in disabling safe links feature and getting rid of “safelinks.protection.outlook.com/?url=” and other parameters from URLs in your email messages:
STEP 1:
Click on following direct URL to open Outlook.com Help Pane:
If above mentioned URL doesn’t work for you, open your outlook.com email account and click on ‘?‘ (Help) icon present at the top-right corner of the page.
STEP 2:
Now in Help Pane, click inside the message box and paste following message:
Please disable Safe Links for the following email aliases;
Your_email_address
Replace Your_email_address with your email ID which is having the issue.
If you have created email alias, you can add them as well using comma. For example:
Please disable Safe Links for the following email aliases;
test@outlook.com, test2@hotmail.com, test3@live.com
After typing the above message, click on “Get Help” button.
Outlook will show you following confirmation message:
Disabling advanced Outlook.com security
To provide the best protection for your account, Outlook.com checks whether any links in your messages are phishing scams or are likely to download viruses or malware onto your computer. If you’re sure you want this advanced Outlook.com security removed, please click Yes below.
Still need help?
[Yes] [No]
Click on “Yes” button.
Outlook will ask you to confirm your email ID, click on “Send” button.
Outlook will show you a message that your request has been received and a support engineer will contact you shortly.
STEP 3:
Wait for a few minutes or hours and you’ll receive an email from Outlook support regarding your request.
The email contains a template reply as following:
The Outlook.com team has enabled premium features for Office 365 subscribers, including no ads and advanced email security. As part of these updates, you now receive a higher level of protection against malware and phishing threats.
The Outlook.com service scans each link you click in your emails, and if the destination web site contains suspicious content, you will be redirected to a warning page. We recommend that you do not proceed to any sites that trigger the warning page.
As part of this change, the links in some emails you receive will look different. The links will contain additional information related to the security checks that were performed. Over the coming months, new Outlook.com updates will improve the appearance of these links while still keeping you protected.
To provide the best protection for your account, these features are on by default and not designed to be turned off. You can reply to this email to have the feature deactivated on your behalf, but we do not recommend it.
Reply to the email and let them know that you want to disable safe links feature which is adding “safelinks.protection.outlook.com/?url=” and other parameters to all URLs in your email messages.
That’s it. Outlook support will disable the feature as per your request and you’ll no longer get those weird URLs in your email messages.
PS: If you don’t want to disable this safe links feature but some URLs are not working properly due to addition of “safelinks.protection.outlook.com/?url=” and other parameters, you can temporary bypass the feature using following steps:
- Right-click on the URL and copy the full URL.
- Paste the URL in Notepad or any other text editor.
- Now extract/copy the original URL from the copied string which is given between “safelinks.protection.outlook.com/?url=” and “&data=” terms.
- Now you can paste the original URL in address bar of your web browser and it’ll open fine.
This feature with safe links is very dangerous as well! I still receive spam, and I cannot see many times if this link I am showing is a real one or a fake one. Up to know i just copy pasted the link and I could see if this was a fake or not, or in Mozilla Firefox I could see the link if I hovered the mouse over the link. Now this safe links ruins it all.
The problem with this feature comes to light when the user forwards their email to someone. At that point the Outlook edits the link in the email by adding the Outlook users’ (the one who’s forwarding) email address to the link. It’s Microsoft gathering excessive tracking information.
techcommunity.microsoft.com/t5/Outlook/Advanced-Threat-Protection-ATP-is-ruining-Outlook-com/m-p/125531/highlight/true#M1146
Another problem with this feature is that the link becomes extra long, and if your email client’s line length is exceeded, the client will insert a 0DH 0AH or cr/lf, breaking the link. Makes it unclickable. I believe Zael’s comment also applies if you click the link (and it works in your client) because you will go to a redirection service at outlook.com, so Microsoft can have and maintain a record of all the links you click.
No need to contact Microsoft to disable it, it can be done through the advanced security configuration in Configuration -Premium- Security
Thank you so much for this post!!!!!
safelink has blocked me from using anything. It blocks me when I look at pressing a link says it is bad tells me to go back.
Please help (elderly lady)
The modified (safe) link is detected as phishing by Thunderbird !
I don’t see any message box in the help panel.
Regarding MCR comment, dont see how to use Outlook Premium that is I suppose a paid option
and finally the problem occur when receiving a mail with such safe link, so that should be the sender to disable the feature, and I am the receiver !
remove safelinks off my email, I can not pay bills
Never trust Microsoft to decide what is safe for you! That was my first lesson, learned in the ’90s so why on earth would I not worry about this obfuscation? Because now I have no clue where this link will go until it is too late! I marked the first few as fishing attacks but soon because the link was an important way of knowing, I could only mark every email as junk that has this untrusted “safelink” hostname.
It was simple before that if I get an email claiming to be from a company I expect email, The link should NOT go to some obscure site they do not even have anything to do with. I have a normal email address; I just use the hotmail now for junk companies having no reason to know my address. That and the fact I tease kiddie scammers is why every other email here IS malicious but some I need to notice.
If you’re using Thunderbird for reading your email, this addon will restore the ugly and dangerous links to their original value ;
addons.thunderbird.net/en-US/thunderbird/addon/unmangle-outlook-safelinks/
The comments here speak for themselves, but the one that I’d like to echo is Jeff’s on jan 10: “Never trust Microsoft to decide what is safe for you!”. I am still smarting from the fact that about 16/17 years ago all my archived, saved, & new emails within Hotmail – some important and my only email account at that time – were wiped or deleted under mysterious circumstances of which I never got an explanation, and I can remember that my difficult contact with Hotmail customer service ended with them saying that there were no backups from which they could recover my account. I soon after got a gmail account and have let my Hotmail account languish. It’s a pity that I have to use Outlook because many educational institutions use it.
na01.safelinks protection.outlook has made my email unusable. This is my original msn email that I had to pay for 20 plus years ago!!!!!
Your advice to reply to the Microsoft Ad is not valid as you cannot reply to a static ad where they have removed your topline options eg block phishing etc .I repeat there is nothing available above their Ad . – sinister !
You can absolutely disable safe links without contacting Microsoft support. It’s absurd for you to suggest that. Here’s Microsoft’s solution for this issue, from the Microsoft community support site:
“Gérard Oomens
Volunteer Moderator
Can I turn off Safelinks?
You can turn them off by signing in to outlook.live.com. Then select Settings > Premium > Security.
There’s a toggle under Advanced Security that you can use to turn off Safelinks. Note that turning off Safelinks will only affect future messages you receive. It won’t change the link format in messages you’ve already received.”
I finally thought of a solution!!!
Because each of these messages that Outlook has deemed to be worthy of pre-scanning but sent through based on its spurious criteria are indeed “junk”, I just created a new rule (Home> Manage Rules & Security) to send all “messages containing certain words” (name12.safelinks.protection.outlook.com) to “a certain folder” (select: Junk).
The resulting rule description reads as follows:
“Apply this rule after the message arrives with “name12.safelinks.protection.outlook.com” in the subject, move it to the Junk Email folder and stop processing more rules.”
Aaaaahhhhhhhh.
I have disabled the safe links feature by using the Settings > Premium > Security procedure presented above. Now, how can I go back and open the blocked links in some earlier emails? I know It can be done because an Apple Genius Bar guy did it for one link but then he ran off before I could get him to tell me how he did it!