Block Email Auto-Forwarding to External Domain

On Day 2 of Cybersecurity awareness month, learn to conceal your organization from cyber threats today. Stay tuned for more blogs in the Cybersecurity blog series.

In today’s world, emails are subjected to a lot of threats as they are the powerhouse of business information. Outlook’s email forwarding feature is useful but at the same time, it will result in the disclosure of an organization’s sensitive information. Hackers can easily steal crucial data like credit card details and passwords by auto-forwarding emails to external domains once they gain access to a user’s email account. Another instance involves that before leaving the organization, employees may create server-side rules to forward emails to outside addresses, compromising security. 

“One single vulnerability is all an attacker needs!” 

To prevent this from happening, admins can block the auto-forwarding of emails to external domains. There are three different ways to disable auto-forwarding in the organization. Let’s check them out in detail. 

Create a Mail Flow

Transport rules are one of the granular methods to disable external auto-forwarding of emails in the organization, as admins can specify required conditions and actions. 

• Open Exchange Admin Center. 
• Select the Rules under Mail Flow. 
• Click on the + icon to create a new rule. 

• You can set the required conditions to check and apply the rule to block external domains.  
• Specify the message type as Auto-forward.  
• You can add an explanation to be shown to users when their mail gets rejected.  
• You can set exceptions, priority levels, and modes for this policy.  
• You can customize when this rule to activate and deactivated based on requirements.  

• Click Save to complete the process. 

Create Remote Domain

A remote domain will allow you to block the auto-forwarding of emails to specific domains. Mail flow rules configured by users in Outlook and by admins through Exchange Admin Center or PowerShell get overridden by the remote domain creation. Remember that the rules will get overridden for only those remote domains that you specify, not for all.  

• Open Exchange Admin Center. 
• Navigate to Mail Flow –> Remote Domains. 
• Create a remote domain by specifying a Name and Remote domain you want to block. 
• Uncheck the Allow automatic forwarding checkbox under Automatic replies which is enabled by default. 
• After reviewing the required setting, click Save. 

Configure Spam Filter Policy

Outbound Spam filters are an effective way to block external auto-forwarding in Exchange Online. With outbound spam filters, admins can monitor for malicious rule creations, which is a high-level alert for account compromise.  

• Open Security Admin center. 
• Select Policies & rules under Email & collaboration. 
• Navigate to Threat policies –> Anti-spam under Policies 
• Go to “Anti-spam outbound policy” –>”Edit protection settings” 
• Click the Automatic forwarding rules dropdown and select Off – Forwarding is disabled. 
• Then, Save to turn on the Anti-spam outbound policy. 

So, these are the main ways to block the auto-forwarding of emails to external domains, which will secure your mailboxes from fraudulent activities. Establish a secure IT Framework for a healthy cybersecurity plan!