Learn how to a build a cloud-first strategyRegister Now

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 299
  • Last Modified:

Find and stop email forward rule - Exch2010SP3

So I have some user who is apparently tying to forward emails sent to him to an outside account.. I have confronted both of my domain users that have a matching address prefix.  They both deny and say they've never seen that domain in this email address before.

It mainly occurs when HR send out emails to the masses (company-wide DL), so of course they're griping about it now.  I need to find and stop it.  Any pro tips?
Ben Hart
Ben Hart
2 Solutions
Sadly, it's probably a local rule, which means you have to sit behind the PC of that user while he has logged in to be able to check. If not, it will always be guess work. Of course, the guess work is accurate if you check the timing of the mails, if there are just a few seconds between HR sending that email and the forwarded email, it's definitely a rule from a user. With local rules, you can't "fake" headers though, if you check the log files, the REAL user will be revealed.
AmitIT ArchitectCommented:
Go and disable auto forward option from Exchange end. How to do it:
Ben HartAuthor Commented:
Thanks for the help guys, especially the link to that Auto Forward option.  I found an incorrect account added to one of our main site distribution lists.  It was a vendor that matched the external email address of the mysterious bounced messages.  The username was VERY close to an actual domain user so I think someone mistakenly added the wrong account to this DL.

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now