Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
839
Views
0
Helpful
1
Replies

A way to deny incoming BCC email

darkw1y
Level 1
Level 1

‎10-26-2018 01:00 AM

Hello guys,


I have read that by RCP standard it is not possible to detect BCC fields with ESA, because they are known only to first Mail relay server and after ESA gets it, it already has that BCC info as 'RCPT'.

However, why does Outlook see the RCPT then as someone else rather than the domain that received that email (because it was BCC'd).

Example:
From: possible@phishing.com

To: random@email.com

Yet I receive it on my personal e-mail, which is not random@email.com. Of course, I know I was BCC'd here, but still on the other hand we talk that ESA cannot detect that... however, somehow the ORIGINAL 'To' information was forwarded to Outlook.

How can I get that original 'To' in ESA logs? I would create a filter that would say:

if( originalTo != esaTo ) { 
drop();
}




Kindly ask for assistance here.

Thanks.

dw

Labels:
0 Helpful
1 Reply 1

Libin Varghese
Cisco Employee
Cisco Employee

‎11-03-2018 10:35 PM

ESA cannot perform filtering based on bcc addresses specifically since that is considered a rcpt-to as well.

ESA cannot distinguish a recipient to be cc or bcc.

 

Information on all recipients are available in mail_logs and message tracking details.

 

I shared the feature request to allow comparison of headers in one of your other posts.

 

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvb97836/?reffering_site=dumpcr

 

Regards,

Libin

0 Helpful
Customers Also Viewed These Support Documents