Is there a timescale for the safelinks logic to be modified so that it also catched links that are not wrapped in http or https? i.e. http://www.website.com is protected, but www.website.com is not, but it remains clickable as Outlook see's it as a link.
Here is the answer from the team that owns Safe Links:
The Safe Links team is planning to integrate with Microsoft Outlook email clients. With this integration, for tenants who have Safe Links actively configured, we plan to have Safe Links protection for any link clicks within Outlook clients.