How does Push determine if a mail rule is suspicious?
The Push platform will flag any mail rule created by an employee that forwards mail to an external (non-company) domain as a potentially suspicious rule. Trusted company domains can be configured in the Push admin console by going to Settings > Domains.
You can triage suspicious mail rules from the admin console by going to Explore > Suspicious mail rules.
Because it can be time-consuming for an administrator to review every mail forwarding rule to ensure it’s legitimate, we recommend using the ChatOps topic Check suspicious mail rules to automatically message employees when a mail rule is discovered to make sure they recognize it.
This approach makes it fast and easy to scale the review of mail rules by enlisting your employees’ help.
Related articles:
Help article: ChatOps topics: Suspicious mail rules