At our university, the usage of eM Client to access the Office365-based email system was just banned due to some claimed security vulnerability related to the possibility of it creating mail forwarding rules without the user knowing about it. It was claimed by the IT security staff that due to this it is being used to implement some sort of attacks.
I would like to continue using eM Client, and thus, would like to raise this issue to your attention. I hope you can find a way to avoid this issue in future versions, and that I can resume using the application for email and calendars.
The only way eM Client can forward messages is if you do it yourself, so either by clicking on the Forward button or you specifically create a Rule to do it.
I am just conveying to the best of my understanding what the IT staff told me when I asked why they suddenly disabled access to eM Client, and when I created a support ticket about it in the university system. The issue was related to security, mail forwarding rules and it being exploited (probably not on our campus but over the internet in general).
From my own experience, many universities also just blanket block external mail clients as they, e.g., “only want certain ones used in-house and so say they are security risks”. Just uni rules.
The attackers send phishing emails appearing to link to a shared document on OneDrive/Dropbox. The user then clicks on the link and is asked to fill in their username and password. The attacker then uses it to hijack the account and spread more phishing emails. Unfortunately, while eM Client is not involved in stealing the password, the attackers seem to use it with the stolen credentials. We have no way to prevent this since it’s a desktop application and the malicious requests are only sent between the attacker and Microsoft server and not through our infrastructure.
We have very little information about the actual mechanism of the attack itself, and so far we didn’t receive access to any of the phishing emails.
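
An added example, not part of the thread and not eM Client's or the university's code: one way a mail administrator could look for the forwarding rules discussed above is to scan audit records of inbox rule changes for rules that send mail to outside domains. The log records, their field layout and the `uni.example` domain are constructed assumptions; `ForwardTo`, `RedirectTo` and `ForwardAsAttachmentTo` are Exchange inbox rule parameters.

```python
import json

# Inbox rule actions that send copies of mail to another address.
FORWARD_PARAMS = {"ForwardTo", "RedirectTo", "ForwardAsAttachmentTo"}
RULE_OPS = {"New-InboxRule", "Set-InboxRule"}

# Constructed sample audit records, one JSON object per line (layout is an assumption).
SAMPLE_LOG = """\
{"CreationTime":"2024-01-10T08:15:00","Operation":"New-InboxRule","UserId":"alice@uni.example","ClientIP":"203.0.113.7","Parameters":[{"Name":"Name","Value":"."},{"Name":"ForwardTo","Value":"drop@mail.example.net"}]}
{"CreationTime":"2024-01-10T09:00:00","Operation":"New-InboxRule","UserId":"bob@uni.example","ClientIP":"198.51.100.4","Parameters":[{"Name":"Name","Value":"Lab list"},{"Name":"MoveToFolder","Value":"Lab"}]}
{"CreationTime":"2024-01-11T10:30:00","Operation":"Set-InboxRule","UserId":"carol@uni.example","ClientIP":"198.51.100.9","Parameters":[{"Name":"RedirectTo","Value":"assistant@uni.example;archive@other.example.org"}]}
not-json line
"""

def domain_of(address):
    """Return the lower-cased domain part of an e-mail address."""
    return address.rsplit("@", 1)[-1].strip().lower()

def external_forward_rules(log_text, internal_domains):
    """Return one finding per rule change that forwards mail outside internal_domains."""
    findings = []
    for line in log_text.splitlines():
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip damaged or non-JSON lines instead of aborting the scan
        if not isinstance(rec, dict) or rec.get("Operation") not in RULE_OPS:
            continue
        for param in rec.get("Parameters", []):
            if param.get("Name") not in FORWARD_PARAMS:
                continue
            targets = [t.strip() for t in param.get("Value", "").split(";") if t.strip()]
            # Exact domain match: subdomains must be listed in internal_domains explicitly.
            external = [t for t in targets if domain_of(t) not in internal_domains]
            if external:
                findings.append({
                    "time": rec.get("CreationTime"),
                    "user": rec.get("UserId"),
                    "client_ip": rec.get("ClientIP"),
                    "action": param["Name"],
                    "targets": external,
                })
    return findings

if __name__ == "__main__":
    for finding in external_forward_rules(SAMPLE_LOG, {"uni.example"}):
        print(finding)
```
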