Incoming Spam |where 'TO' address is "undisclosed-recipients:"

Tarak Nath · Dec 2, 2019

Hello,

Our all users are receiving unwanted SPAM mails with an attachment where 'TO' address is "undisclosed-recipients:"

We don't know how come they got our email IDs.

Is there any way can we block or reject if any emails comes to "undisclosed-recipients:"

Please help us. We are very worry about such this type of emails.

Regards,
Tarak Nath

rpvw · Dec 2, 2019

Tarak Nath said:
where 'TO' address is "undisclosed-recipients:"

This normally occurs if the mail only had a BCC address and no 'To' address.
You should be able to create a mail filter something along the lines of

Code:

 "If 'To' does not contain '@domainname.tld' discard message"

WARNING I have not tested this rule: use with care and test thoroughly before deploying it on any mission-critical email account.

Tarak Nath · Dec 3, 2019

Thank you @rpvw for the response.

We have created a global rule as per attached screenshot.

Will it works ? Or need to change any.

Regards,
Tarak Nath

rpvw · Dec 3, 2019

I am not sure if the 'undisclosed-recipients' is added by end user mail software or webmail, or by exim itself.
Run some tests using the filter test dialogue on the filter Current filter page.
You may need to add an 'OR' to additionally test for an empty string or the lack of a @ in the 'To' line (you could base the whole filter on the lack of the @ character)

cPanelLauren · Dec 4, 2019

rpvw said:
I am not sure if the 'undisclosed-recipients' is added by end user mail software or webmail, or by exim itself.

We could find out if we saw the headers i'd assume, or better yet the exim transaction, as far as I'm aware nothing cPanel does would add this without some heavy customization of the Exim System Filter. @Tarak Nath is this something you can provide?

Also, welcome back @rpvw

Tarak Nath · Dec 5, 2019

Hello @cPanelLauren ,

What should I provide ? Full email header ?

Just asking, above Global Filter would not work?

Regards,
Tarak Nath

keat63 · Dec 5, 2019

Provide the full email header but take out any information which could be compromised.
Obscure parts of the IP address and the domain name of any email addresses that you don't wish to divulge.

Tarak Nath · Dec 6, 2019

Hello,

Please find the attached screenshot for email header. Hidden our domain and server hostname only.

Regards,
Tarak Nath

cPanelLauren · Dec 6, 2019

All that indicates is that the message was BCC'd as @rpvw suggested earlier, it's added by the software sending the mail when the BCC option is selected. You might even stop looking at the "to" field and select "any header" "contains" "undisclosed-recipients"

Tarak Nath · Dec 8, 2019

Hello @cPanelLauren ,

Thank you for the update.

As per you and what I have understand, I have updated the rule. It will be great help if you please check the attached updated rule and confirm me that whether I have set up correctly or not.

Regards,
Tarak Nath

Thread starter	Similar threads	Forum	Replies	Date
G	Using DMARC to reduce incoming email spam.	Email	4	Jun 30, 2020
G	Incoming mail not always scanned by SpamAssassin	Email	5	May 20, 2020
G	Incoming mails not shown in Mail Delivery Report when they hit Exim option "ACL > SpamAssassin reject spam score threshold"	Email	3	Dec 17, 2019
E	'+spam' added to incoming mail address	Email	2	Mar 2, 2019
C	Incoming email stops working after v76 upgrade when using third-party Anti-spam DNSBL plugin	Email	0	Nov 6, 2018

Search

Search

Incoming Spam |where 'TO' address is "undisclosed-recipients:"

Tarak Nath

Well-Known Member

rpvw

Well-Known Member

Tarak Nath

Well-Known Member

Attachments

rpvw

Well-Known Member

cPanelLauren

Product Owner

Tarak Nath

Well-Known Member

keat63

Well-Known Member

Tarak Nath

Well-Known Member

Attachments

cPanelLauren

Product Owner

Tarak Nath

Well-Known Member

Attachments