Outlook Safelink decoder

Decode SafeLinks to reveal the original URL

All computation runs locally in your browser

Last updated: February 4, 2026
Frank Zhao - Creator

Introduction / overview

An Outlook SafeLink is a wrapped URL created by Microsoft Defender for Office. Your email client opens the wrapper first, then redirects you to the real destination.

What this decoder does

It extracts the original destination from the SafeLinks query parameter named url. You paste a SafeLinks URL, and it outputs the decoded destination URL.

Privacy note

The decoding runs locally in your browser. This tool does not send your link to a server.

Important: decoding is not the same as “safe”

A decoded destination can still be malicious. Use this tool to understand where the link goes, then decide whether to open it.

If you want to inspect every part of a URL (host, path, parameters), pair this with our URL parser. If you need to encode or decode URL-escaped strings, our URL encoder/decoder can help.

How to use (quick start)

  1. Copy the full SafeLinks URL from your email (it usually contains safelinks.protection.outlook.com).
  2. Paste it into the input box.
  3. Read the output decoded URL and use the copy button if you need to share or inspect it elsewhere.

What the tool is extracting

In simple terms, SafeLinks puts the real destination into a query parameter:

decoded = URLSearchParams(SafeLink).get(url)

If the output looks like an error message, it typically means the input is not a SafeLinks URL.

Step-by-step examples

Example 1: A typical SafeLinks redirect

Suppose Outlook gives you a SafeLinks URL that contains an encoded destination in the url parameter.

decoded = get(SafeLink, "url") = https://example.com/docs?a=1

Now you can inspect the hostname and parameters with our URL parser.

Example 2: Spotting a suspicious destination

If the decoded hostname is unexpected (for example, it mimics a login provider with a slightly wrong domain), treat it as suspicious.

host = accounts.example-security.com

Even if the email looks legitimate, confirm the destination with your IT/security team before opening.

Real-world use cases

Confirm a vendor link

Background: a vendor sends an invoice portal link. Input: the SafeLinks URL. Result: a decoded destination like https://vendor.com/invoice. Action: verify the domain matches your vendor records.

Investigate a phishing report

Background: a teammate flags an email as suspicious. Input: the SafeLinks URL. Result: a decoded domain that does not match the brand. Action: share the decoded destination with security (without clicking).

Clean up documentation links

Background: internal docs copied links from Outlook. Input: SafeLinks URLs. Result: clean destinations. Action: replace SafeLinks with original URLs in documentation.

Compare redirects

Background: the same email appears to send different people to different places. Input: multiple SafeLinks URLs. Result: compare decoded destinations. Action: use the URL parser to compare query parameters.

Common scenarios / when to use

You need the real hostname

Decode the wrapper so you can see the destination domain clearly before opening.

You are auditing email links

Decode multiple SafeLinks and compare destinations side by side.

You are creating internal docs

Replace SafeLinks with clean URLs so docs stay readable and stable.

You suspect phishing

Decode first, then decide whether to report, block, or investigate further.

You want to share a link safely

Share the decoded URL with context instead of forwarding the entire SafeLinks wrapper.

You need URL-level details

After decoding, parse the URL to inspect path and parameters.

When this tool may not apply

If the link is not an Outlook SafeLinks URL (or if your organization uses a different wrapping system), the decoder will return an error. In that case, try our URL tools to inspect the link format.

Tips & best practices

  • Compare the decoded domain with the brand you expect. Small spelling differences are a classic phishing technique.
  • If you need to inspect parameters, paste the decoded URL into the URL parser.
  • When sharing a suspicious link with a teammate, share the decoded text only. Avoid clicking it.
  • If a destination contains URL-escaped characters, you can further decode parts using the URL encoder/decoder.

A quick sanity-check heuristic

If the decoded URL looks like it points to a login page, confirm the domain is exactly correct. For example, make sure you are not confusing login.example.com with login-example.com.

Calculation method / formula explanation

The decoder follows the same minimal method used by it-tools: validate that the URL is a SafeLinks wrapper, then extract the url parameter.

Method in two steps

  • Ensure the hostname matches .safelinks.protection.outlook.com.
  • Parse the URL and extract url.

decoded = new URL(input).searchParams.get("url")
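
The two steps above as runnable JavaScript, together with the exact-hostname comparison from the sanity-check heuristic. This is an added example, not the tool's or it-tools' source; the function names and the sample wrapper (including its nam01 prefix and data value) are constructed for illustration.

```javascript
// Added example, not the tool's own source; function names are hypothetical.
const SAFELINKS_SUFFIX = '.safelinks.protection.outlook.com';

// Steps 1 and 2 of the method: validate the wrapper host, then read "url".
function decodeSafeLink(input) {
  let wrapper;
  try {
    wrapper = new URL(input.trim());
  } catch {
    throw new Error('Invalid SafeLinks URL provided');
  }
  // Test the parsed hostname, not the raw string: a substring match would
  // also accept https://other.example/?q=.safelinks.protection.outlook.com
  if (!wrapper.hostname.endsWith(SAFELINKS_SUFFIX)) {
    throw new Error('Invalid SafeLinks URL provided');
  }
  // searchParams.get() percent-decodes once; null means no "url" parameter.
  const decoded = wrapper.searchParams.get('url');
  if (!decoded) throw new Error('SafeLinks URL has no url parameter');
  return decoded;
}

// Sanity check: compare the destination hostname exactly, so that
// login-example.com is never mistaken for login.example.com.
function checkDestination(decoded, expectedHost) {
  const host = new URL(decoded).hostname;
  return { host, matches: host === expectedHost.toLowerCase() };
}

// Constructed sample wrapper (placeholder data, not a real email link).
const sample =
  'https://nam01.safelinks.protection.outlook.com/?url=' +
  'https%3A%2F%2Flogin-example.com%2Fsignin%3Fa%3D1&data=placeholder&reserved=0';

const destination = decodeSafeLink(sample);
console.log(destination);
console.log(checkDestination(destination, 'login.example.com'));
```
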

Related concepts / background info

SafeLinks wrapper vs destination

The wrapper URL is the SafeLinks domain plus parameters like url and tracking data. The destination URL is the one you actually care about.

URL encoding

The destination is often URL-encoded (percent-escaped) inside the wrapper. Modern URL parsers decode it for you, but if you see lots of %25 sequences (%25 is an encoded percent sign, a sign that the destination was encoded more than once), a dedicated URL decode step can help.

FAQs, limitations, sources

Why do I get “Invalid SafeLinks URL provided”?

This tool only decodes URLs that contain .safelinks.protection.outlook.com. If your organization uses a different wrapper, the input won’t match.

Does decoding mean the link is safe?

No. Decoding only reveals the destination. You should still evaluate whether the destination is trustworthy.

Does this tool send my link to a server?

No. The decoding happens locally in your browser.

Why is the output empty?

Some links may not include a url parameter, or the URL may be malformed.

What should I do next after decoding?

If you plan to inspect the destination, paste it into the URL parser to view its components and parameters.

Limitations / disclaimers

  • This is a decoder, not a malware scanner.
  • Always follow your organization’s security guidance for suspicious emails.

External references

  • Microsoft Defender for Office 365 SafeLinks documentation (for background on why links are wrapped).