Incoming Spam |where 'TO' address is "undisclosed-recipients:"

Tarak Nath · Dec 2, 2019

Hello,

Our all users are receiving unwanted SPAM mails with an attachment where 'TO' address is "undisclosed-recipients:"

We don't know how come they got our email IDs.

Is there any way can we block or reject if any emails comes to "undisclosed-recipients:"

Please help us. We are very worry about such this type of emails.

Regards,
Tarak Nath

rpvw · Dec 2, 2019

Tarak Nath said:
where 'TO' address is "undisclosed-recipients:"

This normally occurs if the mail only had a BCC address and no 'To' address.
You should be able to create a mail filter something along the lines of

Code:

 "If 'To' does not contain '@domainname.tld' discard message"

WARNING I have not tested this rule: use with care and test thoroughly before deploying it on any mission-critical email account.

Tarak Nath · Dec 3, 2019

Thank you @rpvw for the response.

We have created a global rule as per attached screenshot.

Will it works ? Or need to change any.

Regards,
Tarak Nath

rpvw · Dec 3, 2019

I am not sure if the 'undisclosed-recipients' is added by end user mail software or webmail, or by exim itself.
Run some tests using the filter test dialogue on the filter Current filter page.
You may need to add an 'OR' to additionally test for an empty string or the lack of a @ in the 'To' line (you could base the whole filter on the lack of the @ character)

cPanelLauren · Wednesday at 4:16 PM

rpvw said:
I am not sure if the 'undisclosed-recipients' is added by end user mail software or webmail, or by exim itself.

We could find out if we saw the headers i'd assume, or better yet the exim transaction, as far as I'm aware nothing cPanel does would add this without some heavy customization of the Exim System Filter. @Tarak Nath is this something you can provide?

Also, welcome back @rpvw

Tarak Nath · Thursday at 4:51 AM

Hello @cPanelLauren ,

What should I provide ? Full email header ?

Just asking, above Global Filter would not work?

Regards,
Tarak Nath

keat63 · Thursday at 5:40 AM

Provide the full email header but take out any information which could be compromised.
Obscure parts of the IP address and the domain name of any email addresses that you don't wish to divulge.

Tarak Nath · Friday at 2:31 AM

Hello,

Please find the attached screenshot for email header. Hidden our domain and server hostname only.

Regards,
Tarak Nath

cPanelLauren · Friday at 5:12 PM

All that indicates is that the message was BCC'd as @rpvw suggested earlier, it's added by the software sending the mail when the BCC option is selected. You might even stop looking at the "to" field and select "any header" "contains" "undisclosed-recipients"

Tarak Nath · Sunday at 11:18 PM

Hello @cPanelLauren ,

Thank you for the update.

As per you and what I have understand, I have updated the rule. It will be great help if you please check the attached updated rule and confirm me that whether I have set up correctly or not.

Regards,
Tarak Nath

Thread starter	Similar threads	Forum	Replies	Date
E	'+spam' added to incoming mail address	E-mail Discussion	2	Mar 2, 2019
J	Block all incoming SMTP except from ip's of my spam filter service	E-mail Discussion	1	Jul 31, 2018
S	Some incoming messages listed as "filtered" with negative spam score	E-mail Discussion	6	Jul 16, 2018
S	Best practices incoming spam vs outgoing spam	E-mail Discussion	1	Mar 13, 2017
R	Incoming SPAM	E-mail Discussion	1	Oct 14, 2016

Search

Search

Incoming Spam |where 'TO' address is "undisclosed-recipients:"

Tarak Nath

Well-Known Member

rpvw

Well-Known Member

Tarak Nath

Well-Known Member

Attachments

rpvw

Well-Known Member

cPanelLauren

Forums Analyst II

Tarak Nath

Well-Known Member

keat63

Well-Known Member

Tarak Nath

Well-Known Member

Attachments

cPanelLauren

Forums Analyst II

Tarak Nath

Well-Known Member

Attachments