I found that "Email Routing" is very insecure. It's possible to take over an email from other clients on our server.
We have two clients on one server: VIP and SMARTGUY
VIP client have a domain: vip.com
and mailboxes eg: email@example.com
When SMARTGUY have a "Email Routing" enabled in his ISP panel he can redirect all VIP emails to his outside mail server.
All he has to do is:
1. Configure his outside mailserver to accept emails from "vip.com" (and configure mailboxes, or some catchall).
2. Configure in panel on his account "SMARTGUY" in "Email Routing":
- Domain: vip.com
- Destination: smartguymailserv.com (or simply "*"!)
And all emails for vip.com are redirected to his SMARTGUY server.
"Email Routing" is disabled in default client templates, but some admins may it enable and may not be aware of the danger.