How-to Decode URLs that were encoded by Office 365 SafeLinks URLs

Created by Antonio Ortiz, Modified on Mon, 9 Dec at 4:50 PM by Yves Lacombe

  1. This article covers how to reveal the original URL that was rewritten by the SafeLinks service.
  2. As part of the Office 365 Advance Threat Prevention, links in emails are checked by the SafeLinks service. When you click on a link, it verifies that the link has neither been blocked by the University nor determined to be malicious. To perform this check, it rewrites the links into some form of https://nam10.safelinks.protection.outlook.com/?url=...
  3. Issue: The rewritten URL makes it difficult to uncover the destination of the original URL. It can also cause problems with copying and pasting links from emails into another document or web content. Instead of inserting the original URL, you will add the long, rewritten link
  4. Solution: Use a utility that decodes the URL, such as www.o365atp.com
  1. In the email message, right click on the link and select Copy Hyperlink.
  2. Go to o365atp.com.
  3. Paste the link into the top box.
  4. The original URL will then be displayed in the Decoded URL box.



The Decoded URL will show the Proofpoint URL Defense Link, if you want to decode the URL Defense link please go to:


https://www.vircom.com/urldefensedecoder/