Incoming Spam |where 'TO' address is "undisclosed-recipients:"

Tarak Nath

• December 02, 2019 07:52

Hello, Our all users are receiving unwanted SPAM mails with an attachment where 'TO' address is "undisclosed-recipients:" We don't know how come they got our email IDs. Is there any way can we block or reject if any emails comes to "undisclosed-recipients:" Please help us. We are very worry about such this type of emails. Regards, Tarak Nath

• 

  rpvw

  • December 02, 2019 15:34

  where 'TO' address is "undisclosed-recipients:"

  
  This normally occurs if the mail only had a BCC address and no 'To' address. You should be able to create a mail filter something along the lines of "If 'To' does not contain '@domainname.tld' discard message"
  WARNING I have not tested this rule: use with care and test thoroughly before deploying it on any mission-critical email account.

  0
• 

  Tarak Nath

  • December 03, 2019 06:07

  Thank you @rpvw for the response. We have created a global rule as per attached screenshot. Will it works ? Or need to change any. Regards, Tarak Nath

  0
• 

  rpvw

  • December 03, 2019 06:29

  I am not sure if the 'undisclosed-recipients' is added by end user mail software or webmail, or by exim itself. Run some tests using the filter test dialogue on the filter Current filter page. You may need to add an 'OR' to additionally test for an empty string or the lack of a @ in the 'To' line (you could base the whole filter on the lack of the @ character)

  0
• 

  cPanelLauren

  • December 04, 2019 21:16

  I am not sure if the 'undisclosed-recipients' is added by end user mail software or webmail, or by exim itself.

  
  We could find out if we saw the headers i'd assume, or better yet the exim transaction, as far as I'm aware nothing cPanel does would add this without some heavy customization of the Exim System Filter. @Tarak Nath is this something you can provide? Also, welcome back @rpvw :)

  0
• 

  Tarak Nath

  • December 05, 2019 09:51

  Hello @cPanelLauren , What should I provide ? Full email header ? Just asking, above Global Filter would not work? Regards, Tarak Nath

  0
• 

  keat63

  • December 05, 2019 10:40

  Provide the full email header but take out any information which could be compromised. Obscure parts of the IP address and the domain name of any email addresses that you don't wish to divulge.

  0
• 

  Tarak Nath

  • December 06, 2019 07:31

  Hello, Please find the attached screenshot for email header. Hidden our domain and server hostname only. Regards, Tarak Nath

  0
• 

  cPanelLauren

  • December 06, 2019 22:12

  All that indicates is that the message was BCC'd as @rpvw suggested earlier, it's added by the software sending the mail when the BCC option is selected. You might even stop looking at the "to" field and select "any header" "contains" "undisclosed-recipients"

  0
• 

  Tarak Nath

  • December 09, 2019 04:18

  Hello @cPanelLauren , Thank you for the update. As per you and what I have understand, I have updated the rule. It will be great help if you please check the attached updated rule and confirm me that whether I have set up correctly or not. Regards, Tarak Nath

  -1

Please sign in to leave a comment.