Setting Up Your Organization’s External Abuse Mailbox
This guide is for organizations that don’t yet have an external abuse mailbox but need to set one up in order to use the External Abuse Mailbox module.
An abuse mailbox is a dedicated email address where your customers, partners, and other third-party users can forward dubious messages. These instructions walk you through creating a new mailbox, testing it, and connecting it to Bolster. Most steps assume you’re using Gmail or Outlook, the most common setups. If you’re using something else, see Other Setup Options below.
Before You Begin
If your organization has an email administrator or IT department, check with them first to understand the policies and process for creating a new mailbox. They may require an administrator to set it up for you.
If your organization already has a mailbox used for something like spam reports, you can repurpose it by forwarding all incoming messages to Bolster. Just make sure you have access to set up forwarding, and that the mailbox name makes sense to external reporters. If that’s the case, you can skip the rest of this article and go directly to Setting Up Email Forwarding.
Prerequisites
These instructions assume you’re using Gmail or Outlook and have permission to create and manage a user-controlled mailbox, including setting up forwarding.
If your organization doesn’t allow forwarding or new mailbox creation by individual users, see the Setup by Admin section below. You can set this up with other providers, but you’ll need to reference their official documentation. See Other Providers below.
Step 1: Choose a Mailbox Name
Choose a clear, descriptive, unique name for your mailbox. This will determine the email address you’ll ask external users to forward messages to. It should be relevant, short, and memorable.
Major email systems such as Google and Microsoft reserve abuse@ and postmaster@ for internal monitoring. Instead, use something like the following, where yourdomain.com is replaced by your organization’s domain name:
- fraud-reports@yourdomain.com
- scam@yourdomain.com
If you’re using a shared commercial domain, you may need to include unique text to find an available address. For example, use something like the following, where yourcompanyname is replaced by your company name:
- yourcompanyname-scam@gmail.com
- fraud-reports-yourcompanyname@outlook.com
Make sure the address isn’t already in use in Gmail or Outlook and doesn’t conflict with anything else your organization is using.
Step 2: Set Up the Mailbox
Setup steps vary depending on the system you’re using. Review the high-level outline below, then refer to the provider’s official documentation for details.
Using Gmail
Set up a new Gmail account to use as your abuse mailbox. You can manage it alongside your main account without signing out.
To add another Gmail account:
- Sign out of your main Gmail account.
- Create a new Gmail account for the abuse mailbox.
- Open Gmail in your browser.
- Go to the profile and select Add another account.
- Follow the prompts to sign in and manage multiple accounts.
Official Google documentation:
Using Outlook
Set up a separate Outlook-based email address to use as your abuse mailbox. You can manage multiple accounts, but the experience varies between the web interface, the desktop app, and Microsoft 365.
To set up a separate Outlook-based email address to use as your abuse mailbox:
- Create a new Outlook-based email account.
- Open Outlook (web, desktop, or Microsoft 365 admin center).
- Add the new account using the official instructions for your setup.
Official Microsoft documentation:
| Your Setup | Use This Guide |
| Outlook.com (personal webmail) | How to create a Microsoft Outlook email account |
| Microsoft 365 (you’re the admin) | Add users and assign licenses at the same time |
| Microsoft 365 (managed by someone else) | Talk to your email administrator. |
| Outlook desktop app (Windows) | Add an email account to Outlook for Windows |
| Outlook desktop app (Mac) | Add an email account to Outlook for Mac |
If you’re using the Classic version of Outlook for Windows, note that forwarding rules may only work when the app is open and connected.
Step 3: Test the Mailbox
Make sure the mailbox is working as expected before continuing.
- Send a test email to the new abuse mailbox from an external email account (such as personal Gmail or Yahoo account).
- Confirm the test email appears in the inbox and can be opened normally.
If the email doesn’t arrive, or arrives but can’t be opened:
- Verify that you’re signed into the correct account.
- Check for spam filters, protection tools, or viewing restrictions.
- Consult your provider’s help documentation or contact your email administrator if needed.
Step 4: Set Up the External Abuse Mailbox Module
Now you’re ready to configure the module on Bolster. For full instructions, see Getting Started: External Abuse Mailbox Module.
Here’s a quick preview of steps in that article:
- Request a forwarding email address
- Set up email forwarding
- Add brand assets
- Invite users to the module
Step 5: Publicize the Mailbox
Let your customers, partners, and users know that they can forward emails to your new abuse mailbox. For example, add it to your help center or have your marketing team reach out to customers.
Since Bolster can also extract threat information from images, you can invite end users to report SMS-based threats by emailing a screenshot.
Other Setup Options
While the instructions above are for the simplest approach using the most common email providers, there are other ways you may want or need to set this up. Here’s some guidance to help you understand your options.
Setup by Admin
If your organization doesn’t allow individual users to create new mailboxes, an administrator will need to create one for you.
They can create either a dedicated user mailbox or a shared mailbox with delegated access. Once the mailbox is active, you or your admin can configure forwarding to Bolster.
To help get the admin started, or if you’re functioning as the admin, here are links to official documentation:
Google Workspace
- Add new users or email addresses
- Create a group in your organization
- Delegate & collaborate on email
Microsoft 365
- Create a shared mailbox
- Configure Microsoft 365 shared mailbox settings
- Convert a user mailbox to a shared mailbox
After admin setup, go to Step 3 to test the mailbox and proceed with the steps from there.
Other Providers
If you’re using a provider other than Google or Microsoft, refer to your provider’s help center to create a new account or mailbox.
In general, your steps will be:
- Choose a clear, unique, descriptive email address.
- Create the account through the provider’s website or admin panel.
- Follow steps 3-5 above to test the address, publicize it, and set up the module.
Some free providers may restrict forwarding or attachment handling. Be sure to check and test before finalizing setup.
