[ocdtrekkie]

There is a very easy solution to this, which I believe Gmail employs: Place a very noticeable banner on the inbox when all your email is being forwarded to another address.

[zulln]

I forward everything that _does not_ match a specific string using the filter feature in Gmail, and I get no such banner. It is a company owned email, with a custom domain and such, but should not differ in this case.

[ikeboy]

The banner only shows for a week after you set it up.

[1945]

That's assuming everyone composes e-mails through the web UI. Maybe they don't want to make that assumption.

[Waterluvian]

Should just auto reset forwarding when a password reset is done.

[askvictor]

We had such an attack recently; the banner disappears after a time (also, users don't read banners)