diff --git a/conf/default.conf.php b/conf/default.conf.php
index d541cfea01..7cef111ba1 100644
--- a/conf/default.conf.php
+++ b/conf/default.conf.php
@@ -630,14 +630,6 @@ return array(
   // be enabled in production.
   'phabricator.developer-mode' => false,
 
-  // When users write comments which have URIs, they'll be automatically linked
-  // if the protocol appears in this set. This whitelist is primarily to prevent
-  // security issues like javascript:// URIs.
-  'uri.allowed-protocols' => array(
-    'http'  => true,
-    'https' => true,
-  ),
-
   // Should Phabricator show beta applications on the homepage
   'phabricator.show-beta-applications' => false,
 
diff --git a/src/applications/config/option/PhabricatorSecurityConfigOptions.php b/src/applications/config/option/PhabricatorSecurityConfigOptions.php
index 57a1921003..7191818d81 100644
--- a/src/applications/config/option/PhabricatorSecurityConfigOptions.php
+++ b/src/applications/config/option/PhabricatorSecurityConfigOptions.php
@@ -119,6 +119,7 @@ final class PhabricatorSecurityConfigOptions
         array(
           'http' => true,
           'https' => true,
+          'mailto' => true,
         ))
         ->setSummary(
           pht("Determines which URI protocols are auto-linked."))