How to Secure Your Email Forwarding Rules

A silent inbox rule can keep leaking your mail long after you reset the password — here's how to shut that door for good.

To secure your email forwarding rules, treat external auto-forwarding as deny-by-default: turn it off at the platform level, allow only documented exceptions, audit existing rules for hidden or suspicious entries, and set alerts that fire the moment any new rule is created. In Microsoft 365 you do this through the anti-spam outbound policy in Defender; in Google Workspace an admin can disable automatic forwarding entirely so neither a legitimate user nor an attacker can configure it. The single most effective move is flipping the default from “anyone can forward anywhere” to “nobody forwards externally unless we approved it.” This matters because forwarding rules are one of the quietest ways an attacker turns a single compromised mailbox into a long-running data leak.

Per the FBI’s 2025 IC3 Annual Report, U.S. cybercrime losses reached nearly $21 billion, and Business Email Compromise alone accounted for 14.6 percent of all 2025 losses — slightly more than $3 billion. Consider a finance clerk whose credentials are phished: before anyone notices, a rule silently copies every message containing the word “invoice” to an outside address. The attacker no longer needs to stay logged in; the inbox itself is now the informant.

Table of Contents

What Are Malicious Email Forwarding Rules and Why Do Attackers Use Them?

A forwarding rule is a simple piece of inbox automation: when a message matches a condition, the mail system sends a copy somewhere else. Attackers love this mechanism because it survives the thing defenders usually count on — kicking the intruder out. According to Microsoft’s analysis, once an account is compromised, criminals commonly create malicious inbox and forwarding rules, configure external forwarding, and establish OAuth persistence so they keep receiving sensitive mail even after they lose direct access to the account. Resetting the victim’s password closes the front door while the rule keeps the back window propped open. The rules themselves are deliberately mundane.

The Red Canary Threat Detection Report describes the typical pattern: a rule that auto-forwards any message containing keywords like “invoice” or “payroll,” or all mail from a specific sender such as HR or finance, to an external attacker-owned address. Compare this to a noisy ransomware attack that announces itself — a forwarding rule produces no alert, no encrypted files, and no obvious symptom. It is pure surveillance, and it is often the staging ground for a wire-fraud request timed to a real invoice the attacker watched arrive. The financial stakes explain the popularity. IC3 data shows nearly $8.5 billion lost to BEC over the last three years, and BEC email attacks rose 15 percent in 2025 according to LevelBlue’s SpiderLabs team. Forwarding rules are not the whole BEC playbook, but they are frequently the reconnaissance layer that makes the eventual fraudulent transfer convincing.

How Attackers Hide Forwarding Rules to Evade Detection

The reason audits miss these rules is that attackers design them to be visually forgettable. Huntress documents that intruders deliberately obscure rule names using single periods, semicolons, or repeated characters — names like “aaaa” or a string of dots such as “……….”. In a long list of legitimate rules, the human eye slides right past an entry that appears to be a formatting artifact or an empty field. An administrator scanning a mailbox under time pressure is unlikely to stop and investigate a rule that looks like a typo. This obscurity is what makes manual review unreliable as your only defense.

A warning worth internalizing: if your detection strategy depends on someone noticing a suspicious rule name, you have already lost, because the rule was named specifically so that nobody would notice it. The named-condition rules (“invoice,” “payroll”) are easy to describe but hard to spot among hundreds of mailboxes, and the camouflaged ones are designed to defeat exactly the eyeball test most organizations rely on. Worse, the credential theft that precedes the rule is increasingly resistant to the control most teams treat as their safety net. Red Canary notes that modern phishing kits can bypass multi-factor authentication through adversary-in-the-middle proxy attacks, intercepting the session token rather than just the password. The practical limitation here is sobering: MFA reduces the odds of compromise but does not eliminate it, so a forwarding-rule defense that assumes “MFA means they can’t get in” is built on a cracked foundation.

FBI-Reported BEC Losses by Year (2023-2025)20232.9$ billion20242.8$ billion20253.0$ billionSource: FBI IC3 2025 Annual Report

How to Secure Forwarding Rules in Microsoft 365

In Microsoft 365 the central control lives in the security portal. Navigate to Microsoft 365 Defender, then Email & collaboration, then Policies & rules, then Threat policies, and open the Anti-spam outbound policy. Setting Automatic forwarding to “Off” disables external forwarding for both user-created Inbox rules and admin-configured mailbox forwarding. This is the deny-by-default posture in practice: instead of chasing individual bad rules, you remove the capability that makes them useful to an attacker in the first place. One setting is rarely enough, though, so layer a transport rule on top.

Push Security recommends adding a mail flow rule that inspects the message type and, when it detects an “Auto-forward,” rejects the message with an explanation and logs the event. This catches edge cases the outbound policy might not cover and gives you a record of attempts. For a concrete example: a user who innocently set up forwarding to a personal Gmail account to “read work mail at home” will now get a bounce-back explaining why, which simultaneously closes a data-leak channel and surfaces shadow-IT behavior you did not know existed. The two controls complement rather than duplicate each other. The outbound anti-spam policy is the broad, account-wide off switch; the transport rule is the granular inspector that logs and explains. Relying only on the outbound policy gives you prevention without visibility, while relying only on the transport rule gives you alerts without a hard block — running both means an attempted forward is both stopped and recorded.

How to Secure Forwarding Rules in Google Workspace and Set Up Alerts

Google Workspace offers a cleaner version of the same idea. As Push Security notes, Workspace supports complete prevention: an admin can disable automatic forwarding entirely so that neither users nor attackers can create forwarding settings at all. This is a meaningful contrast with the Microsoft model. In Workspace the capability simply ceases to exist for the domain; in Microsoft 365 you are configuring policies and transport rules that shape and restrict behavior rather than deleting the feature outright. That contrast comes with a tradeoff worth naming.

Total prevention in Google Workspace is the most secure option, but it is also the bluntest — any legitimate business workflow that depends on automatic forwarding breaks the moment you flip the switch, and you will need an exception process or a different mechanism for those cases. Microsoft’s policy-plus-transport-rule approach is more configurable and exception-friendly, but every added flexibility is another seam an attacker can probe. More control means more configuration to get wrong. Whichever platform you run, alerting is non-negotiable. Blumira recommends configuring alerts so administrators are notified immediately whenever any forwarding rule is created. Prevention can be misconfigured, exceptions get granted, and new attack techniques emerge — an alert on rule creation is the tripwire that catches what your preventive controls missed, and it converts rule creation from a silent event into one that demands a human response within minutes rather than months.

Auditing Existing Rules and the Limits of a One-Time Cleanup

Turning forwarding off protects you going forward, but it does nothing about the rules already lurking in mailboxes. You need to audit what exists. In Microsoft 365, administrators can review forwarding configurations through the Microsoft 365 Admin Center and the Defender portal, and Huntress recommends PowerShell scripts to surface hidden or suspicious forwarding rules that the standard interfaces gloss over. Because attackers camouflage rule names with periods and repeated characters, a scripted enumeration that dumps every rule for inspection beats clicking through mailboxes one at a time. The warning here is that an audit is a snapshot, not a guarantee.

A clean audit on Monday tells you nothing about a rule created Tuesday afternoon by an attacker who phished a session token that morning. This is precisely why the audit has to be paired with creation-time alerting and the deny-by-default policy — the three work as a system. Treating a single cleanup sweep as “we handled the forwarding problem” is one of the more common ways organizations end up re-compromised through the same channel. There is also a scope limitation to keep in mind. Disabling external auto-forwarding and auditing rules addresses the exfiltration and persistence layer, but it does not undo the underlying account compromise that created the opening. The same intruder who set a forwarding rule may also hold a valid OAuth token grant; revoking suspicious application consents and forcing a token reset belongs in the same incident response, because cleaning the rule while leaving the OAuth persistence intact simply invites the attacker to set a fresh rule.

The Real Cost of an Unmonitored Forwarding Rule

The dollar figures make the case better than any abstraction. Across the three email-trust crime categories the FBI tracks — BEC, phishing, and government impersonation — 2025 losses exceeded $4 billion, up 46 percent from 2024, with per-complaint losses averaging over $122,000. A single overlooked forwarding rule is not a minor hygiene lapse; it can be the opening scene of a six-figure loss.

The mechanics of that loss are worth picturing. IC3 reporting indicates that 86 percent of BEC funds move via wire transfer or ACH — fast, hard-to-reverse rails. A forwarding rule feeds the attacker the exact invoice, vendor name, and timing they need to insert a fraudulent payment request that looks legitimate, and once the wire goes out the money is usually gone before the victim organization realizes the mailbox was ever watched.

Forwarding Rule Security as Part of BEC Defense

Forwarding-rule controls sit inside the larger BEC problem, and the trend line is not improving. The FBI’s three-year BEC figures — $2.94 billion in 2023, $2.77 billion in 2024, and $3.04 billion in 2025 — show losses that dipped slightly then climbed back above $3 billion, even as awareness and tooling have spread. The rule you disable today is one input into a category of crime that has proven stubbornly persistent year over year.

What makes forwarding rules a high-leverage place to focus is the ratio of effort to risk. Flipping external auto-forwarding to deny-by-default, adding a transport rule or domain-level block, auditing existing rules with a script, and wiring up creation alerts are all achievable in an afternoon by an administrator who already has the necessary access. Against an attack pattern that lets a criminal keep reading a finance team’s mail after being locked out, that is a small amount of work standing between an organization and the kind of wire-fraud loss the IC3 measures in the billions.

Frequently Asked Questions

Does turning on multi-factor authentication stop malicious forwarding rules?

It helps but is not sufficient. Red Canary reports that modern phishing kits can bypass MFA through adversary-in-the-middle proxy attacks that steal the session token. MFA lowers the odds of compromise but does not eliminate it, so you still need deny-by-default forwarding, audits, and creation alerts.

Where do I disable external email forwarding in Microsoft 365?

Go to Microsoft 365 Defender, then Email & collaboration, then Policies & rules, then Threat policies, and open the Anti-spam outbound policy. Setting Automatic forwarding to “Off” disables both user Inbox rules and admin mailbox forwarding to external addresses.

Can Google Workspace block forwarding completely?

Yes. Google Workspace supports complete prevention — an admin can disable automatic forwarding entirely so that neither users nor attackers can create forwarding settings for the domain.

Why are malicious forwarding rules so hard to find?

Attackers deliberately obscure rule names using single periods, semicolons, or repeated characters such as “aaaa” or a long string of dots, so the rules blend into a list and defeat a quick visual review. Scripted enumeration and creation-time alerting are more reliable than manual inspection.

How much money is lost to the email fraud these rules enable?

Per the FBI’s 2025 IC3 Annual Report, BEC accounted for slightly more than $3 billion in 2025 losses, nearly $8.5 billion over the last three years, with 86 percent of BEC funds moving via wire transfer or ACH.

You Might Also Like

Browse more: Breach Alerts | Cybersecurity Tips | data breaches | Financial Breaches | Government Breaches