Aug 01 2017
- last edited on
Feb 19 2021
Secure Score can now help stop data exfiltration with client created rules, that auto-forwards email from users mailboxes to an external email address. This is apparently an increasingly common data leakage method that is being successfully used by 'bad actors'.
Secure Score has a new security control called 'Client Rules Forwarding Blocks' that implements a Transport Rule to help mitigate client created rules that Auto-Forward to external addresses.
If enabled, this will apply the following logic via a transport rule:
IF The Sender is located ‘Inside the organization’
AND IF The Recipient is located ‘Outside the organization’
AND IF The message type is ‘Auto-Forward’
THEN Reject the message with the explanation ‘External Email Forwarding via Client Rules is not permitted’.
This feature is now live within Secure Score. See the announcement here for further details - Mitigating Client External Forwarding Rules with Secure Score.
Perhaps these sorts of announcements could be posted to this community blog in the future like there have been for previous Secure Score new features?
Sep 08 2017 08:35 AM
I think this is a great rule... However, I am trying to setup an exception but cannot seem to get it to work.
Can someone provide instructions on how best to do this? See below...
I am need to setup a rule that will redirect a message to four external email addresses.
Sep 08 2017 09:49 AMSolution
I enabled this on my test tenant to see if I could help. You should be able to add an exception to permit these specific addresses to receive auto forwarded emails.
Have you got as far as going into the Exchange Admin Center and in Mail Flow, listed in rules there would be an entry like 'Client Rules To External Block - Secure Score 9/8/2017'. Editing this, there is an Except if.. add exception button.
Click this and add the required exceptions, for example using "The recipient..." 'is this person option'. I think that should work anyway but you might need to play around with the options. Good luck.
Sep 08 2017 10:50 AM
Hey Cian and thanks for responding.
I tried this originally but it wouldn't work for me. I will play around with it a little more to see if I can get it to work for me.
Jun 13 2018 07:18 AM
Hi. Any updates on this?
I'm not able to add an exception either. It doesn't seem to work no mater what options I try.
Mar 27 2019 09:58 AM
Does this apply to Microsoft Flows that auto-forward email? @Cian Allner
Nov 01 2019 05:48 AM
@Cian AllnerJust looking into using Secure Score for appling this transport rule, I can see this thread is a couple of years old. There portal looks different from your screenshot and no option I can find to "Apply" this rule? Has this function gone now?