Detect malicious mail rules
Scan your employees' mailboxes in under two minutes to detect phishing campaigns
Discover malicious mail rules
Scan mailboxes in less than two minutes.

No credit card required

  • Find suspicious and malicious mail rules that result from phishing attacks.

  • Take action directly from the Push platform to prevent business impact.

  • Get instant detection and response capability to stop future attacks.

Malicious mail rule dashboard

What's a malicious mail rule?

A common attack technique where mail rules are created inside a user's mailbox to perform malicious actions, like forwarding emails to an external address. Although companies can be targeted directly, it's often opportunistic, where a rule is created automatically after a successful phishing campaign, malware infection or account compromise. Learn more.

Scan all employee mailboxes in under 2 minutes

Connect Microsoft 365 or Google Workspace to get instant visibility into all mail rules within employee mailboxes.

Get instant insights about whether the rules are legit, suspicious, or malicious.

Malicious mail rules landing page - image 1

Take action directly from the Push platform

Use ChatOps (Slack and Teams) to automatically ask the owner of the mailbox about a suspicious mail rule. Push asks employees whether a rule seems strange or if it's something they set up intentionally so we can tell you whether the rule is malicious or safe.

Disable or delete malicious rules based on their response to prevent business impact, right from the platform.

Malicious mail rules landing page - image 2

Get real-time detection and response capabilities

We immediately notify employees when a new rule is created in their mailbox. They know whether they've just set up a rule to forward work email to their personal email. If the mail rule wasn't created by them, it's suspicious and possibly malicious.

Push automatically disables rules employees don't recognize and notifies you so you can take immediate action to prevent further compromise.

No SIEM or any other detection infrastructure is required. Keep it simple.

Malicious mail rules landing page - image 3
Supported SaaS platforms
078 - Microsoft 365 logo
Microsoft 365
078 - Google Workspace logo
Google Workspace

Use cases

Latest blog posts

Subscribe to get updates from Push

The latest news, articles, and resources, sent to your inbox.