Incoming Spam |where 'TO' address is "undisclosed-recipients:"

Tarak Nath

Well-Known Member
Mar 12, 2018
83
13
8
India
cPanel Access Level
Root Administrator
Hello,

Our all users are receiving unwanted SPAM mails with an attachment where 'TO' address is "undisclosed-recipients:"

We don't know how come they got our email IDs.

Is there any way can we block or reject if any emails comes to "undisclosed-recipients:"

Please help us. We are very worry about such this type of emails.

Regards,
Tarak Nath
 

rpvw

Well-Known Member
Jul 18, 2013
1,091
449
113
UK
cPanel Access Level
Root Administrator
where 'TO' address is "undisclosed-recipients:"
This normally occurs if the mail only had a BCC address and no 'To' address.
You should be able to create a mail filter something along the lines of
Code:
 "If 'To' does not contain '@domainname.tld' discard message"
WARNING I have not tested this rule: use with care and test thoroughly before deploying it on any mission-critical email account.
 
  • Like
Reactions: cPanelLauren

rpvw

Well-Known Member
Jul 18, 2013
1,091
449
113
UK
cPanel Access Level
Root Administrator
I am not sure if the 'undisclosed-recipients' is added by end user mail software or webmail, or by exim itself.
Run some tests using the filter test dialogue on the filter Current filter page.
You may need to add an 'OR' to additionally test for an empty string or the lack of a @ in the 'To' line (you could base the whole filter on the lack of the @ character)
 
  • Like
Reactions: cPanelLauren

cPanelLauren

Forums Analyst II
Staff member
Nov 14, 2017
8,421
689
263
Houston
cPanel Access Level
DataCenter Provider
I am not sure if the 'undisclosed-recipients' is added by end user mail software or webmail, or by exim itself.
We could find out if we saw the headers i'd assume, or better yet the exim transaction, as far as I'm aware nothing cPanel does would add this without some heavy customization of the Exim System Filter. @Tarak Nath is this something you can provide?


Also, welcome back @rpvw :)
 

keat63

Well-Known Member
Nov 20, 2014
1,407
115
93
cPanel Access Level
Root Administrator
Provide the full email header but take out any information which could be compromised.
Obscure parts of the IP address and the domain name of any email addresses that you don't wish to divulge.
 
  • Like
Reactions: cPanelLauren