

Protect Email by Disabling Auto-forward

There are legitimate reasons why a company may allow auto-forwarding of business email. However, in most cases the best course of action is simply to disable this functionality. Through phishing attacks, hackers can gain access to a user’s mailbox, forward its email to an outside address and steal information.

Turning off the auto-forward function limits an attacker’s ability to silently forward all email to an external email account in the event they compromise an email account.

Below are methods to turn off or create rules for auto-forward.

Microsoft 365

Disable Automatic Forwarding

  • Open the "Admin centers" navigation tree on the left
  • Click "Exchange"
  • Click "mail flow"
  • Click "remote domains"
  • Ensure that the box for "Allow automatic forwarding" is not selected
  • Click "Save"

Create Mail-flow Rule

Click here to watch a video on how to set up this rule.

  1. From the Microsoft 365 admin center, select Exchange, mail flow, and on the rules tab, select the plus sign and choose create a new rule.
  2. Select More options. Name your new rule.
  3. Then open the drop-down for apply this rule if, select The sender, and then is external/internal.
  4. Select Inside the organization, and then OK.
  5. Choose add condition, open the drop-down, select The message properties, then include the message type.
  6. Open the select message type drop-down, choose Auto-forward, then OK.
  7. Open the Do the following drop-down, select Block the message, then reject the message and include an explanation.
  8. Enter the message text for your explanation, then select OK.
  9. Scroll to the bottom and select Save.

According to Microsoft, creating this rule prevents hackers from auto-forwarding messages.
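The two Microsoft 365 procedures above can also be applied from Exchange Online PowerShell. The script below is an added example, not part of the original post or Microsoft's instructions; it assumes the ExchangeOnlineManagement module is installed, and the admin account, rule name and rejection text are placeholders. It goes one step beyond the page by also listing forwarding that is already configured on mailboxes.

```powershell
# Added example. Requires the ExchangeOnlineManagement module and an Exchange admin role.
# admin@example.com, the rule name and the rejection text are placeholders.
Connect-ExchangeOnline -UserPrincipalName admin@example.com

# 1. "Disable Automatic Forwarding": clear "Allow automatic forwarding"
#    on every remote domain where it is still enabled.
Get-RemoteDomain | Where-Object { $_.AutoForwardEnabled } | ForEach-Object {
    Set-RemoteDomain -Identity $_.Name -AutoForwardEnabled $false
}

# 2. "Create Mail-flow Rule": sender is inside the organization, message type
#    is Auto-forward, action is reject with an explanation. Skipped if the rule exists.
$ruleName = 'Block auto-forward from internal senders'
if (-not (Get-TransportRule | Where-Object { $_.Name -eq $ruleName })) {
    New-TransportRule -Name $ruleName `
        -FromScope InOrganization `
        -MessageTypeMatches AutoForward `
        -RejectMessageReasonText 'Automatic forwarding of company email is not permitted.'
}

# 3. Check (not in the original steps): mailboxes that already have
#    mailbox-level forwarding configured.
$mailboxes = Get-Mailbox -ResultSize Unlimited
$mailboxes |
    Where-Object { $_.ForwardingSmtpAddress -or $_.ForwardingAddress } |
    Select-Object UserPrincipalName, ForwardingSmtpAddress, ForwardingAddress, DeliverToMailboxAndForward

#    Inbox rules that forward or redirect mail, which an intruder may have created.
foreach ($mbx in $mailboxes) {
    Get-InboxRule -Mailbox $mbx.UserPrincipalName |
        Where-Object { $_.ForwardTo -or $_.ForwardAsAttachmentTo -or $_.RedirectTo } |
        Select-Object MailboxOwnerId, Name, Enabled, ForwardTo, ForwardAsAttachmentTo, RedirectTo
}

# 4. Confirm the resulting settings.
Get-RemoteDomain | Select-Object Name, AutoForwardEnabled
Get-TransportRule | Where-Object { $_.Name -eq $ruleName } |
    Select-Object Name, State, FromScope, MessageTypeMatches

Disconnect-ExchangeOnline -Confirm:$false
```

Review any mailbox or inbox rule that step 3 returns before removing it, since an unexpected external forwarding address can indicate an account that is already compromised.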


Gmail

Turn off automatic forwarding

  1. On your computer, open Gmail using the account you want to stop forwarding messages from.
  2. In the top right, click Settings.
  3. Click Settings.
  4. Click the Forwarding and POP/IMAP tab.
  5. In the "Forwarding" section, click Disable forwarding.
  6. At the bottom, click Save Changes.

G Suite

  1. Sign in to your Google Admin console. Sign in using an administrator account.
  2. From the Admin console Home page, go to Apps > G Suite > Gmail > End User Access. Tip: To see End User Access, scroll to the bottom of the Gmail page.
  3. In the Organizations section, highlight your domain or the organizational unit for which you want to configure settings (see Configure email settings for an organizational unit for more details).
  4. In the Automatic Forwarding section, clear the check box Allow users to automatically forward email to another address.

