Email software with built-in spam/phishing protection mechanisms (like 'safelinks' or 'urldefense' in Outlook) would wrap links generated by Salesforce in URLs of their own. While this may be an efficient way to protect against malware or phishing attacks coming from untrusted sources, the same mechanism would break the Salesforce password reset links. So the user would end up seeing the error "Your reset link expired after 24 hours or has already been used." for a just generated link.
This happens because the protection backend behind Safelinks and URL Defense would make a request to the original Salesforce URL before eventually forwarding the user to the Salesforce page. To prevent such premature link expiration, this extension will 'unwrap' a Salesforce link  and forward directly to the original Salesforce address.