How can we stop users setting up rules for auto-forwarding of emails to lower classification domains such as the Internet?
There several methods available, and all should start with procedural policy in place to make users aware this is not allowed. It is certainly possible in Exchange 2003 to disable auto forwarding of emails. Some email gateway software also has the ability to filter and block emails that don’t contain certain keywords, so you can require users to put certain text (such as ‘UNCLASSIFIED MAIL’) in the Subject header before it is allowed out to the Internet.