Fluency Email Rule Change Workflow is a detection workflow within the Fluency Security platform that monitors email system configurations for suspicious or risky rule changes. It is designed to identify activity commonly associated with Business Email Compromise (BEC) attacks and data exfiltration attempts. The workflow uses AI to analyze email rule patterns, forwarding destinations, and timing to surface potentially malicious configurations. It monitors both the creation and modification of email rules, detecting behaviors such as auto-forwarding to external addresses, suspicious filtering patterns, and mass rule changes. When a risky configuration is identified, the system generates alerts and provides contextual information about the rule's potential impact and associated threats.