How does Push determine if a mail rule is suspicious?
The Push platform will flag any mail rule created by an employee that forwards mail to an external domain as a potentially suspicious rule.
You can triage suspicious mail rules from the Push admin console by going to Use cases > Suspicious mail rules.
Because it can be time-consuming for an administrator to review every mail forwarding rule to ensure it’s legitimate, we recommend using the ChatOps topic Check suspicious mail rules to automatically message employees when a mail rule is discovered to make sure they recognize it.
This approach makes it fast and easy to scale the review of mail rules by enlisting your employees’ help.
Help article: ChatOps topics: Suspicious mail rules