Great content delivered right to your mailbox

Thank you! Check your inbox for our monthly recap!

We’ve talked before about how to flag any outbound spam leaving your organization, which is essential to prevent someone who’s just starting from sending spam or one-off emails that might go out.

But what happens if, as often happens with spam, someone decides to send out spam emails automatically, en masse? Obviously, it would be helpful to know that it happened after the fact, but if they’ve already emailed everyone on your client list, the damage is done.

Fortunately, Office Protect still has you covered. With the setting “Enable Client Rules Forwarding Block,” you can stop spammers before they start.


Learn how Office Protect helps keep your Microsoft 365 tenants safe with our e-book


How outbound spam works

Phishing scams occur when hackers get someone to open a malicious email by pretending to be a trustworthy source. They often use tactics such as fake domain names or enticing subject lines to get people to take the “bait.” v

Outbound spam is essentially phishing on the receiving end – people are more likely to open emails from someone they know and trust. Except this time, in their eyes, the email is from someone they know and trust, so it’s even more undetectable.

This works especially well in businesses. After all, we swap emails with important attachments back and forth every day. Hackers take advantage of this, particularly with the use of invoices. In fact, 26% of all phishing scams include fake invoices.

Once the recipient opens the attachment, malware is downloaded into their system. Hackers have successfully taken your good name and exploited it for their own gain.

So what is malware, and what damage does it really cause? Malware is a catch-all term for any software spread specifically to be malicious. It can come in many forms, but the most common are listed below.


What is malware?

Ransomware – While ransomware is declining due to advanced security measures, it can still wreak havoc on your organization. Ransomware is designed to lock you out of your systems or take your data hostage until your company pays the hackers a set amount for them to give back access. Ransomware often targets small businesses, and the amount is usually small enough to warrant just paying it rather than risking weeks or days of a lockout by involving the police.

Spyware – The sneakiest type of malware, spyware is installed without the user’s knowledge. It can run in the background of your system, slowly collecting and transferring your data out of the organization for weeks or even months until it is discovered.

Keyloggers – Like spyware, keyloggers can run undetected in the background, but they are specifically designed to log every keystroke the user enters. This is a great way for hackers to gain usernames and passwords to allow deeper access to your most important data.

Virus – The most common type of malware, viruses spread by “infecting” files on your computer, often one after the other until the machine overloads and shuts down completely.


The danger of mass spam emailing

If hackers gain access to your network, they can send out an email from your inbox to all your contacts almost instantaneously, and the consequences of that quick action for them can be far-reaching and long term for you.

So what’s the worst that could happen? Well, if you are a managed service provider or reseller, malware in your system could give hackers access to all your clients. Malware on one client’s system could infect all your other clients sharing the same server or cloud space.

Once your clients realize that you allowed malware into their systems, that could cause a major breach in trust, which is vital in your line of work. If clients lose confidence in you, they will be very unlikely to continue to use you for their data and IT services. They could even discuss what happened with colleagues from other companies, costing you future business and your professional reputation.

Even in a best-case scenario where outbound spam reaches all recipients but they do not open it, your reputation will take a hit. If nothing else, you’ll be marked as someone who sends out annoying spam emails. And it’s very likely that at least one of the spam emails will be opened. Research shows that about a third of email attachments in phishing emails are opened.


Office Protect’s Enable Client Rules Forwarding Block setting

Fortunately, Office Protect is here to ensure that mass spam emails never come from inside your organization. With the setting ‘Enable Client Rules Forwarding Block’ turned on, you can rest easy knowing your company is safe from this particular attack.

When turned on, this setting allows security control to create a transport rule to stop external, auto-forward type messages from leaving your tenant. The following criteria must be met for this rule to engage:

  • Sender is located ‘inside the organization’
  • Recipient is located ‘outside the organization’
  • Message type is ‘auto-forward’

If all these criteria are true, the system will reject the message and let the user know that it was rejected due to ‘external mail forwarding via client rules not permitted.’ This will allow any user that legitimately needs to use this feature to understand what happened and request the permissions necessary to complete their task.


How to use it

So how do you turn this setting on? Just go into the settings on your dashboard and flip the toggle menu to “on,” and you will be all set! You will also see the security impact (high) and user impact (low), which is the best combination. Why would you not want to apply a setting with little to no effect on end-users that has maximum effect on your security? It’s a win/win!

Contact your Sherweb representative today to learn how this setting and more can help protect your IT environment with Office Protect.

Written by The Sherweb Team Collaborators @ Sherweb