An outbound relay is a device or service that forwards traffic from one network point to another instead of handling it locally. It acts as a transit node: traffic leaves its source, passes through the relay, and continues to a remote destination. Relays can carry packets, web requests, or application sessions, depending on the protocol and implementation.
In cyber security, outbound relays matter because they can obscure where traffic really comes from and turn ordinary systems into parts of a proxy network. Attackers may abuse compromised hosts, embedded SDKs, or misconfigured apps to relay traffic through residential or enterprise IP space. Defenders look for unusual outbound connections, unexpected proxy behavior, and software that changes a device’s network role without clear disclosure. Legitimate relays exist too, such as VPN gateways, load balancers, and CDN edges, but they should be intentional, documented, and monitored.
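
One way to look for the unexpected proxy behavior described above, as an added example that is not part of the original page: pair each inbound flow to an internal host with an outbound flow of similar size that starts shortly after, and report hosts that do this repeatedly, marking whether each is on a documented-relay list. The flow tuple format, addresses, thresholds, and function name are assumptions constructed for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample flow records: (start_time_s, src_ip, dst_ip, bytes).
FLOWS = [
    (100.0, "203.0.113.7",  "10.0.0.23",     48200),  # external -> workstation
    (100.4, "10.0.0.23",    "198.51.100.9",  48050),  # same size leaves again
    (160.0, "203.0.113.7",  "10.0.0.23",     9100),
    (160.3, "10.0.0.23",    "198.51.100.44", 9180),
    (200.0, "203.0.113.50", "10.0.0.5",      70000),  # documented VPN gateway
    (200.2, "10.0.0.5",     "198.51.100.80", 70010),
    (260.0, "203.0.113.50", "10.0.0.5",      15000),
    (260.1, "10.0.0.5",     "198.51.100.81", 15020),
    (300.0, "10.0.0.31",    "198.51.100.9",  1200),   # ordinary client traffic
    (420.0, "203.0.113.8",  "10.0.0.31",     90000),  # inbound with no matching egress
]

def find_relay_candidates(flows, internal_net, documented,
                          window=2.0, tolerance=0.05, min_pairs=2):
    """Return {host: {"pairs": n, "documented": bool}} for relay-like hosts."""
    net = ip_network(internal_net)
    inside = lambda ip: ip_address(ip) in net
    inbound, outbound = defaultdict(list), defaultdict(list)
    for ts, src, dst, size in flows:
        if inside(dst) and not inside(src):
            inbound[dst].append((ts, size))
        elif inside(src) and not inside(dst):
            outbound[src].append((ts, size))
    findings = {}
    for host, ins in inbound.items():
        unused = sorted(outbound.get(host, []))  # each egress flow matches once
        pairs = 0
        for ts_in, size_in in sorted(ins):
            for cand in unused:
                ts_out, size_out = cand
                close_in_time = 0 <= ts_out - ts_in <= window
                close_in_size = abs(size_out - size_in) <= tolerance * size_in
                if close_in_time and close_in_size:
                    unused.remove(cand)
                    pairs += 1
                    break
        if pairs >= min_pairs:
            findings[host] = {"pairs": pairs, "documented": host in documented}
    return findings

if __name__ == "__main__":
    for host, info in find_relay_candidates(FLOWS, "10.0.0.0/8", {"10.0.0.5"}).items():
        label = "documented relay" if info["documented"] else "UNDOCUMENTED relay behavior"
        print(f"{host}: {info['pairs']} matched in/out pairs, {label}")
```

Byte and timing symmetry is only a lead for investigation: relays that re-encrypt, compress, or batch traffic will not match this closely, so the thresholds need tuning against the environment's own flow data.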



