Block Email Auto-Forwarding to External Domain

On Day 2 of Cybersecurity awareness month, learn to conceal your organization from cyber threats today. Stay tuned for more blogs in the Cybersecurity blog series.

In today’s world, emails are subjected to a lot of threats as they are the powerhouse of business information. Outlook’s email forwarding feature is useful but at the same time, it will result in the disclosure of an organization’s sensitive information. Hackers can easily steal crucial data like credit card details and passwords by auto-forwarding emails to external domains once they gain access to a user’s email account. Another instance involves that before leaving the organization, employees may create server-side rules to forward emails to outside addresses, compromising security.

“One single vulnerability is all an attacker needs!”

To prevent this from happening, admins can block the auto-forwarding of emails to external domains. There are three different ways to disable auto-forwarding in the organization. Let’s check them out in detail.

Create a Mail Flow

Transport rules are one of the granular methods to disable external auto-forwarding of emails in the organization, as admins can specify required conditions and actions.

Open Exchange Admin Center.
Select the Rules under Mail Flow.
Click on the + icon to create a new rule.

Mail Flow of Blocking Auto-forward to External Domains — Transport Rule Creation

You can set the required conditions to check and apply the rule to block external domains.
Specify the message type as Auto-forward.
You can add an explanation to be shown to users when their mail gets rejected.
You can set exceptions, priority levels, and modes for this policy.
You can customize when this rule to activate and deactivated based on requirements.

Activation and Deactivation of transport rule in following date

Click Save to complete the process.

Create Remote Domain

A remote domain will allow you to block the auto-forwarding of emails to specific domains. Mail flow rules configured by users in Outlook and by admins through Exchange Admin Center or PowerShell get overridden by the remote domain creation. Remember that the rules will get overridden for only those remote domains that you specify, not for all.

Open Exchange Admin Center.
Navigate to Mail Flow –> Remote Domains.
Create a remote domain by specifying a Name and Remote domain you want to block.
Uncheck the Allow automatic forwarding checkbox under Automatic replies which is enabled by default.
After reviewing the required setting, click Save.

Blocking automatic forwarding for remote domains — Remote Domain Creation

Configure Spam Filter Policy

Outbound Spam filters are an effective way to block external auto-forwarding in Exchange Online. With outbound spam filters, admins can monitor for malicious rule creations, which is a high-level alert for account compromise.

Open Security Admin center.
Select Policies & rules under Email & collaboration.
Navigate to Threat policies –> Anti-spam under Policies
Go to “Anti-spam outbound policy” –>”Edit protection settings”
Click the Automatic forwarding rules dropdown and select Off – Forwarding is disabled.
Then, Save to turn on the Anti-spam outbound policy.

Outbound spam filter policy — Outbound Spam Filter Policy Creation

So, these are the main ways to block the auto-forwarding of emails to external domains, which will secure your mailboxes from fraudulent activities. Establish a secure IT Framework for a healthy cybersecurity plan!

While Microsoft 365 offers various methods to prevent external forwarding, there are still exceptional cases where leveraging this option becomes necessary. In such cases, it becomes crucial for admins to closely monitor the auto-forwarding of emails to external domains, as unmonitored instances can lead to the loss and leakage of sensitive data. So, admins must take extra care of them to avoid these potential risks. 🛡️🔒

Here comes AdminDroid’s mailbox forwarding reports!

Audit External Forwarding of Emails with AdminDroid

With AdminDroid Exchange Online reporting capabilities, Microsoft 365 admins can easily track external email forwarding and redirecting configurations for their mailboxes. Monitoring email forwarding reports helps admins to stay informed of details, including internal/external recipients, forwarding classification, SMTP address, etc.

But that’s not all – AdminDroid also allows for complete customization of a report to ensure that it is tailored to specific requirements. Admins can select which mailboxes to include in the report, which fields to display, and how the data is sorted, making it easier than ever to analyze the needed information.

List of AdminDroid reports related to Email Forwarding:

Mailbox with external forwarding inbox rules
Mailbox forwarding to external domains
Mailbox with SMTP forwarding
Mailbox forwarding set using ‘ForwardingAddress’
Mailbox forwarding summary
Mailbox forwarding analytics
Shared mailboxes with email forwarding configuration
Mailflow status report

Mailbox forwarding to external domains report

Mailbox forwarding detailed summary report

Apart from Exchange Online management, 1800+ pre-built reports are provided by AdminDroid for monitoring various Microsoft 365 services such as Azure AD, Security, SharePoint Online, MS Teams etc. In addition to gaining valuable insights, admins can easily schedule and export reports to analyze the organization’s performance.

Download AdminDroid today and unlock the full potential of your Microsoft 365 environment! 🚀🔓