Email forwarding allows us to automatically forward the email messages from a user’s mailbox to another user’s mailbox inside or outside of the organization. Email forwarding is useful when the employee is gone for vacation or left the company, the alternative person can handle the mail flow.
As an admin, it is an important task to detect and prevent malicious email forwarding in Office 365. Because
- Automatic email forwarding is one of the common methods to leak the organization’s sensitive data. Forwarded messages can pose a security or compliance risk.
- When the account is compromised, the hacker can enable email forwarding to steal data. Email forwarding can indicate compromised accounts.
- Employees can configure automatic email forwarding to forward their official emails to their personal email account. In this case, the user can get official info even when they quit their job.
- Automatic forwarding to external domains might indicate a data breach.
This blog will help you to configure email forwarding and methods to identify the mailboxes with external forwarding and internal forwarding.
How to Configure Email Forwarding in Office 365?
In an Office 365 environment, email forwarding can be configured by admin and a user (I.e., mailbox owner).
1.Email Forwarding Configuration by Admin:
An admin can enable email forwarding through Admin Center (both Microsoft 365 admin center and EAC) and PowerShell.
Method 1: Configure Email Forwarding Through Admin Center
- In the admin center, go to the ‘Users’ > ‘Active users‘ page.
- Select the name (E.g. John) of the user whose email you want to forward, to open the properties page.
- On the ‘Mail’ tab, select ‘Manage email forwarding’.
- On the email forwarding page, select ‘Forward all emails sent to this mailbox’, enter the forwarding address (E.g. Anne@contoso.com).
Above configuration will forward all the emails (John’s) to the specified mailbox(Anne) without any condition.
Method 2: Configure Email Forwarding via PowerShell:
Admin can configure email forwarding using Set-Mailbox cmdlet.
ForwardingAddress is used for internal forwarding and ForwardingSMTPAddress is used for both internal and external forwarding (Generally, used for external email addresses that aren’t validated.)
Note: If you specify both ForwardingAddress and ForwardingSMTPAddress, then ForwardingSMTPAddress will be ignored.
Method 3: Setup Email Forwarding using Mail Flow Rule:
The admin can use the mail flow rule aka transport rule to enable automatic email forwarding. Mail flow rule is made of conditions (like the sender is a specific person, when the sender is member of specific group, etc.) and actions (like forward email, redirect email, block email, etc.). Based on the organization’s need, you can configure the rule.
- Go to Exchange admin center –>Mail Flow.
- Create a new rule with name, condition, and action (i.e.., forward the message for approval to).
- Save the rule
2.Email Forwarding Configuration by Mailbox Owner:
Users can configure email forwarding through inbox rules (outlook or PowerShell) and Forwarding SMTP address (outlook).
Method 4: Configure Email Forwarding using Inbox Rule:
You can forward/redirect emails by setting up inbox rules. The Inbox rule will forward or redirect the message when certain condition meets.
Email forward – Emails that are forwarded appears to come from the forwarder. Original sender is not displayed in the ‘from’ box. The body of the email contains the original content and email history details.
Email redirect – Emails that are redirected appears to come directly from the original sender. The recipient doesn’t know that the mail was redirected. And also, redirection leaves the copy of mail in the redirection configured mailbox.
Inbox rule can be configured from Outlook and PowerShell.
I.Configure Forwarding Rule through Outlook:
- Navigate to Settings–>Mail –>Rules.
- Create new role by giving Rule Name, Condition (like when an email comes from specific sender, an email contains specific word, etc.) and Action (like forward to, redirection to, delete, etc.).
II.Setup Inbox Rule using PowerShell:
You can use New-InboxRule to create an inbox rule. The given examples describe the following scenarios:
- When my name is in ‘To box’, then the mail will be forwarded to John.
- When the subject contains the word “Meeting”, it will redirect to Bob’s mailbox.
Method 5: Setup an SMTP for Email Forwarding:
To configure external email forwarding, you need to setup SMTP forwarding. You can configure this setting from Outlook.
- Navigate to Settings–>Mail–>Forwarding.
- Select ‘Enable forwarding’ and give the required forwarding address.
How to Check Email Forwarding in Office 365?
Since email forwarding can be configured through multiple methods, it’s a tedious task to find the mailboxes with email forwarding configuration. Even with the PowerShell, you need to use multiple cmdlets like Get-Mailbox, Get-InboxRule, and then filter the results with attributes like ForwardingAddress, ForwardingSMTPAddress, ForwardTo, RedirectTo, etc.
So, what is the easiest way to list all mailboxes with email forwarding enabled? With the help of the AdminDroid Office 365 reporting tool, you can complete the complex task within few mouse clicks.
Office 365 Email Forwarding Report in AdminDroid
AdminDroid has 6 dedicated Office 365 email forwarding reports to show the detailed email forwarding configurations.
- Mailbox Forwarding Summary
- Forwarding to External Domains
- Mailbox with SMTP Forwarding
- Mailbox with Internal Forwarding
- Inbox Rules with Forwarding
- Inbox Rules with External Forwarding
Mailbox Forwarding Summary:
This report displays all the mailboxes that has forwarding enabled by admins as well as the users (using inbox rules). It gives a detailed result on forwarding to internal recipients and external recipients. By referring to this report, the admin can disable mail forwarding for the particular mailbox.
Forwarding to External Domains:
This report shows a list of external domains that are configured to receive the forwarded message. It includes configuration set by both admin and user. The report gives detail about Office 365 mailboxes with external forwarding, External domain, and external recipient. This report will help you to detect and prevent external forwarding.
Mailbox with SMTP Forwarding:
SMTP forwarding report shows the forwarding configuration set by both admin and user through “ForwardingSMTPAddress”.
Mailbox with Internal Forwarding:
This report shows the mailbox forwarding set by admin through “ForwardingAddress”. By referring to this report, admin can stop auto email forwarding.
Inbox Rules with Forwarding:
This report helps to find auto-forward rules. In other words, the report lists all mailboxes with inbox rules that forward the email to another mailbox.
This mailbox rule report shows the forwarding addresses (both internal and external recipient) set through the inbox rule.
Inbox Rule with External Forwarding:
You can use this email forwarding report to find all inbox rules that forward mail externally from your organization. By referring to this report, admin can disable external forwarding for the mailboxes.
Apart from the above-described methods, auto-forwarding can be configured through an automatic reply rule available in the Outlook desktop. As always, Microsoft has not given any proper way (through PowerShell or admin center) to view forwarding configuration set through Out of Office automatic reply rules. Since it’s a big security concern, Microsoft has to take it as a high priority. Hope it will be fixed soon 🤞
I hope this blog will help you to configure and identify mailboxes with automatic email forwarding. How are you managing auto-forwarding in your organization? You can share it with other admin and us through the comment section.