Block emails To: Undisclosed Recipients
- Thread starter sarsenal
- Start date
could you please post the source of the mail, and the logs of the processing?
There are quite a few mailclients that write this in the To header if a user only adds addresses as BCC - so keep in mind that you could get many false positives with this
We don't have any users that would use or need to use this feature. So I would rather just block it. If they need to use this kind of feature we could route that email thru a different system. I think they deleted the email already, so I never got the source. But this has now been 5 in the past week I have seen using this method to bypass filters.
From: Desxn Civye [mailto:desxncivye654@gmail.com]
Sent: Thursday, September 1, 2022 5:34 PM
To: undisclosed-recipients:
Subject: Check & confirm your order #YGFTE-jihut-IJKOY
From: Desxn Civye [mailto:desxncivye654@gmail.com]
Sent: Thursday, September 1, 2022 5:34 PM
To: undisclosed-recipients:
Subject: Check & confirm your order #YGFTE-jihut-IJKOY
the logs would also have been helpful ..
anyways if you want to match on the to header containing 'undisclosed-recipients' you can create a 'What Object' with a 'Match Field' entry - the filename is 'to' the value is 'undisclosed-recipients' - and then use this to quarantine or block the mail
anyways if you want to match on the to header containing 'undisclosed-recipients' you can create a 'What Object' with a 'Match Field' entry - the filename is 'to' the value is 'undisclosed-recipients' - and then use this to quarantine or block the mail
