You are here

Home ยป Mail

Safelinks

The University mail service has enabled the security feature called SafeLinks.

What is Safelinks?

Here's the University's page about Safelinks:
https://www.ed.ac.uk/information-services/help-consultancy/it-help/email-and-office365/microsoft-365-safe-links

Safelinks replaces links in emails with a link to the Safelinks scanner. The idea is that when you click on the link, you are taken to the Microsoft service first, which verifies that the link is indeed safe, and then forwards you on to the original link if it is.

There are several issues here:

  • The replaced links become all but unreadable, and certainly obscure the original URL.
  • For some URLs, the Microsoft scanner can trigger events based on the fact that it visits the link on your behalf, even before you've read the mail.
  • The links are not assessed for safety at the time - rather, a "naughty list" is periodically adjusted - so Safelinks may sometimes pass a dangerous link to malware as safe.
  • You may not want your use of URLs in mail messages to be logged by Microsoft, however temporarily.

What you can do

We raised these issues with the University and that initial document and the ISG response can now be seen below, but until something changes, there are a few things you can do:

  • You can ask for particular URLs to be exempted. Use this form: https://edin.ac/48TMFQP
    This is an especially good move if you have URLs which are being triggered without your knowledge. Be sure to highlight that this is impacting on your ability to do your job. Thanks to this form, many Informatics URLs are now left unchanged by the Safelinks mechanism.
  • If your mail client supports it, add a filter to "unmunge" the URLs in your email at the time you view them. Technically they will still be munged in your INBOX, but you just won't see them.
  • If sending mails with both a plain text and HTML alternative, Safelinks will not munge the plain text version of the email. This only benefits the recipient.
  • If you cryptographically sign your email, your sent mail will not be Safelinked at the receiving end. Again this only benefits the recipient.
  • Informatics does not recommend the use of any web-based link unmunger, including o365atp.com, which IS has recommended.

Communications with ISG (University's Information Service Group)

We are now in a position to publish our (the College of Science and Engineering) initial response to the Safelinks rollout, and the ISG response. Those documents are listed below.

Last reviewed: 
13/02/2024
PDF icon CSE initial response to Safelinks roll out
PDF icon ISG reponse to CSE concerns
PDF icon Appendix of specific CSE queries and ISG responses

System Status

Home dirs (AFS)
Network
Mail
Other services
University services
Scheduled downtime

Choose a topic