Incoming Spam |where 'TO' address is "undisclosed-recipients:"

Tarak Nath

Well-Known Member
Mar 12, 2018
89
14
8
India
cPanel Access Level
Root Administrator
Hello,

Our all users are receiving unwanted SPAM mails with an attachment where 'TO' address is "undisclosed-recipients:"

We don't know how come they got our email IDs.

Is there any way can we block or reject if any emails comes to "undisclosed-recipients:"

Please help us. We are very worry about such this type of emails.

Regards,
Tarak Nath
 

rpvw

Well-Known Member
Jul 18, 2013
1,101
457
113
UK
cPanel Access Level
Root Administrator
where 'TO' address is "undisclosed-recipients:"
This normally occurs if the mail only had a BCC address and no 'To' address.
You should be able to create a mail filter something along the lines of
Code:
 "If 'To' does not contain '@domainname.tld' discard message"
WARNING I have not tested this rule: use with care and test thoroughly before deploying it on any mission-critical email account.
 
  • Like
Reactions: cPanelLauren

rpvw

Well-Known Member
Jul 18, 2013
1,101
457
113
UK
cPanel Access Level
Root Administrator
I am not sure if the 'undisclosed-recipients' is added by end user mail software or webmail, or by exim itself.
Run some tests using the filter test dialogue on the filter Current filter page.
You may need to add an 'OR' to additionally test for an empty string or the lack of a @ in the 'To' line (you could base the whole filter on the lack of the @ character)
 
  • Like
Reactions: cPanelLauren

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,252
313
Houston
I am not sure if the 'undisclosed-recipients' is added by end user mail software or webmail, or by exim itself.
We could find out if we saw the headers i'd assume, or better yet the exim transaction, as far as I'm aware nothing cPanel does would add this without some heavy customization of the Exim System Filter. @Tarak Nath is this something you can provide?


Also, welcome back @rpvw :)
 

keat63

Well-Known Member
Nov 20, 2014
1,852
224
93
cPanel Access Level
Root Administrator
Provide the full email header but take out any information which could be compromised.
Obscure parts of the IP address and the domain name of any email addresses that you don't wish to divulge.
 
  • Like
Reactions: cPanelLauren

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,252
313
Houston
All that indicates is that the message was BCC'd as @rpvw suggested earlier, it's added by the software sending the mail when the BCC option is selected. You might even stop looking at the "to" field and select "any header" "contains" "undisclosed-recipients"