Share via

new rules keep being created on my outlook

Roberto Arreola Villarreal 20 Reputation points
2026-03-10T17:45:22.9733333+00:00

i keep getting new forwarding rules and i don't know how to stop them. ive tried outlook.exe /cleanserverrules but even that dosent stop the rules from continuing to create

Outlook | Windows | Classic Outlook for Windows | For business
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Jay Tr 11,215 Reputation points Microsoft External Staff Moderator
    2026-03-10T19:47:23.67+00:00

    Hi @Roberto Arreola Villarreal

    Welcome to Microsoft Q&A forum. 

    Thank you for reaching out and sharing your experience with Outlook rules and steps taken. I can totally understand how confusion it is when you are having mail forward rules and the command line doesn’t work as expected. 

    To better understand the situation and assist with more targeted solutions, could you please share the following details: 

    1. Is there any mail rule listed under Files > Manage Rules & Alerts? 
    2. Are you using a shared mailbox or your user mailbox? 

    In the meantime, please try the following troubleshooting steps: 

    1. Delete mail rules  
    • In Outlook, on the File tab, choose Manage Rules & Alerts. 
    • In the Rules and Alerts dialog box, on the E-mail Rules tab, choose the rule you want to delete. 
    • Choose Delete > OK. 
    1. Contact IT admin 

    Please reach out to your organization's IT admin and provide them with these steps: 

    • Look for Exchange mail flow (transport) rules  
      • Sign into the Exchange Admin Center (EAC). 
      • Go to Mail flow > Rules and scan for any rules that forward mails.  
      • Delete or disable them. 
    • Check automatic forwarding settings  
      • In the Microsoft 365 admin center under Users > Active users, select your account, then Mail > Manage email forwarding. Make sure it’s turned Off or points only to addresses you expect. 

    I hope this information is helpful. Please follow the steps above and let me know if it works for you. If not, we can continue working together to resolve the issue.  

    Thank you for your patience and understanding. If you have any questions or need additional assistance, please don’t hesitate to reach out so I can continue to support you. If you found the response useful, please consider marking it as accepted, as this may help other community members who are looking for similar guidance.  

    I look forward to continuing the conversation. 

    If you have extra questions about this answer, please click "Comment". 

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.     

  2. Q&A Assist
    2026-03-10T17:45:36.94+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    Persistent, automatically re-created forwarding rules usually indicate that the account is still being accessed by an attacker or an app/add-in that has permission to manage rules.

    To stop the rules from being created, perform a full cleanup, not just /cleanrules:

    1. Delete all rules in Outlook on the web
      Use Outlook on the web (OWA), go to Settings → Mail → Rules and remove any rules that you do not recognize. Also check Mail → Forwarding and remove any forwarding you did not configure. Guidance for managing rules in Outlook on the web is in Manage email messages by using rules in Outlook.
    2. Run the full rule cleanup in classic Outlook
      You already tried outlook.exe /cleanserverrules. Use the broader switch that deletes all client and server rules in the profile:
      1. Close classic Outlook.
      2. Right-click Start → Run.
      3. Run: Outlook.exe /cleanrules
        This deletes all rules for all accounts in that Outlook profile, both client and server, as documented in the “Users get error…after making changes to rules in classic Outlook” article.
    3. Secure the account so rules cannot be recreated
      The behavior described in similar cases is that rules keep coming back until the attacker’s access is fully removed:
      • Change the account password to a strong, unique one.
      • Enable multi-factor authentication (MFA). In a documented case, persistent malicious rules stopped after MFA was enabled.
      • Use the Microsoft account security portal to sign out everywhere so any existing sessions are killed.
      • Remove any unknown or untrusted apps that have access to the account.
    4. Re-check for rules after securing the account
      After password change, MFA, and sign-out everywhere have been completed and enough time has passed for sessions to expire, check rules again in both Outlook on the web and classic Outlook. If no new rules appear, recreate only the rules that are actually needed.

    If rules continue to reappear even after these steps, contact the organization’s Microsoft 365 administrator or support so they can review mailbox audit logs, mail flow rules, and any suspicious connectors or add-ins at the tenant level.

    References:

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.