Enable a direct notification when an email forwarder is created, to give notice ( to the server owner, for example).

Threat actors commonly use email forwarding rules to access mailboxes and leak data in business email compromise (BEC) attacks. Certain cyber insurance companies require businesses to turn off mail forwarding. But if we can be notified when a forwarder is created, then any potential threat is minimized. (Hardly anyone monitors forwarding rules!)