New research: SaaS attacks that avoid EDR and network monitoring | Read more →

Ready to help

How does Push determine if a mail rule is suspicious?

The Push platform will flag any mail rule created by an employee that forwards mail to an external domain as a potentially suspicious rule.

Suspicious mail rule admin triage screen - KB 10068
Push administrators can triage external mail rules from the admin console.

You can triage suspicious mail rules from the Push admin console by going to Use cases > Suspicious mail rules.

Because it can be time-consuming for an administrator to review every mail forwarding rule to ensure it’s legitimate, we recommend using the ChatOps topic Check suspicious mail rules to automatically message employees when a mail rule is discovered to make sure they recognize it.

This approach makes it fast and easy to scale the review of mail rules by enlisting your employees’ help.

Related articles: