Summary
The following states Connor Group's policies and practices for the use of forwarding email address to external recipients using blanket forwarding rules.
Forwarding and redirect rules are commonly used by attackers who have compromised a user's credential. It allows them to send messages that come from legitimate users without their knowledge. These message often include links and attachments to phishing sites and malware. They also are used with social engineering attacks to act as a sort of man in the middle using a legitimate account to deceive another person into taking action they otherwise wouldn't if the message was coming from a less trusted source. Creation of forwarding and redirect rules is a red flag that must be investigated for malicious activity.
Policy
Connor Group has a number of contractual, legal, and ethical obligations to ensure that company and client data is only accessible by employees, vendors, sub-contractors and clients that have been authorized to access the data and have a legitimate business reason to do so. Additionally, Connor Group expects that business related correspondence be done using resources managed by Connor Group security and record keeping policies and within Connor Group's branding sphere (domain names, marketing materials, letter head, etc).
Therefore, the use of a blanket forwarding rule on company email accounts to relay messages to an external recipient is not permitted unless approved through an IT Support request. Users are expected to use their company provided messaging resources for correspondence related to company business when either sending or receiving messages.
Exceptions to this policy may be requested by contacting the IT Support team. The request for an exception must provide a business use case and a description of the expected correspondence activities. The proposed use case and correspondence description must state, or demonstrate an obvious implication, why this exception will not create: