Forwarding Emails Outside? Here’s Why That’s a Risk

We’ve seen it too often during recent client onboardings: external email forwarding is enabled by default. This means company email can be automatically sent to external mailboxes. While it might seem harmless or convenient, forwarding emails outside your organisation can introduce serious security and compliance risks. Here’s why turning it off should be part of your baseline security posture.

🔒 Data Leak Prevention
Forwarding rules can send sensitive information outside the business to unmanaged accounts. Once emails leave your Office 365 tenancy, your company loses control. If the destination account is compromised, your data could be exposed without your knowledge.

🛡️ Blocking Attacker Persistence
When attackers gain access to a mailbox, one of the first things they often do is set up forwarding rules. This lets them keep receiving emails even after passwords are changed or access is revoked. Disabling forwarding cuts off this tactic and helps contain breaches faster.

📉 Reducing Shadow IT Risks
Forwarding to personal or unmanaged accounts creates blind spots in your security strategy. It’s a classic case of shadow IT, where data lives outside your visibility and control, making it harder to enforce policies, detect threats, or respond to incidents.

🔒 Strengthening Your Zero Trust Strategy
Zero Trust is built on verifying every access and minimising implicit trust. Allowing emails to flow freely to external accounts undermines this model. Blocking forwarding supports least privilege and keeps sensitive communications within trusted boundaries.


If you’re using Office 365, it’s easy to block external forwarding across your tenancy:

  • Use outbound spam policies in Microsoft Defender for Office 365
  • Set up Exchange transport rules to restrict forwarding to external domains
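
Both controls above, plus an audit for forwarding that already exists, as an added Exchange Online PowerShell example (not from the original post). It assumes the ExchangeOnlineManagement module is installed and an Exchange administrator account is used; the rule name, rejection text and the `Test-External` helper are hypothetical.

```powershell
# Added example. Assumes: ExchangeOnlineManagement module, Exchange admin rights.
Connect-ExchangeOnline

# 1. Outbound spam policy: turn automatic external forwarding off in the default policy.
Set-HostedOutboundSpamFilterPolicy -Identity Default -AutoForwardingMode Off

# 2. Transport rule: reject auto-forwarded mail that leaves the organisation.
$ruleName = 'Block external auto-forward'   # hypothetical rule name
if (-not (Get-TransportRule -Identity $ruleName -ErrorAction SilentlyContinue)) {
    New-TransportRule -Name $ruleName `
        -FromScope InOrganization `
        -SentToScope NotInOrganization `
        -MessageTypeMatches AutoForward `
        -RejectMessageReasonText 'External auto-forwarding is disabled.'
}

# 3. Audit: list forwarding already configured to addresses outside accepted domains,
#    since existing rules may have been planted before the block was in place.
$accepted = Get-AcceptedDomain | ForEach-Object { [string]$_.DomainName }

function Test-External([string]$Address) {
    # True when the address's domain is not one of the tenant's accepted domains.
    $domain = ($Address -replace '^smtp:', '').Split('@')[-1]
    return ($accepted -notcontains $domain)
}

$findings = foreach ($mbx in Get-Mailbox -ResultSize Unlimited) {
    # Mailbox-level forwarding (set by an admin or in the user's mailbox settings).
    if ($mbx.ForwardingSmtpAddress -and (Test-External $mbx.ForwardingSmtpAddress)) {
        [pscustomobject]@{ Mailbox = $mbx.PrimarySmtpAddress; Source = 'Mailbox setting'
                           Target  = $mbx.ForwardingSmtpAddress }
    }
    # Inbox rules that forward or redirect; targets look like "Name" [SMTP:user@domain].
    foreach ($rule in Get-InboxRule -Mailbox $mbx.PrimarySmtpAddress) {
        $targets = @($rule.ForwardTo) + @($rule.ForwardAsAttachmentTo) + @($rule.RedirectTo)
        foreach ($t in $targets) {
            if ($t -match '\[SMTP:([^\]]+)\]' -and (Test-External $Matches[1])) {
                [pscustomobject]@{ Mailbox = $mbx.PrimarySmtpAddress
                                   Source  = "Inbox rule '$($rule.Name)'"
                                   Target  = $Matches[1] }
            }
        }
    }
}

$findings | Sort-Object Mailbox | Format-Table -AutoSize
```

Any mailbox listed by the audit is worth reviewing with its owner before the forwarding is removed, because an unexpected rule can indicate an earlier mailbox compromise.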

Security isn’t just about firewalls and endpoint protection. It’s about smart defaults. Disabling automatic email forwarding is one of those quiet but powerful steps that can reduce risk, improve compliance, and strengthen your overall security posture.

If you’re not already blocking external forwarding, now is the time to review your policies.
