cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1225
Views
0
Helpful
0
Replies

Denying BCC incoming email

darkw1y
Level 1
Level 1

Hello guys,


I have read that by RCP standard it is not possible to detect BCC fields with ESA, because they are known only to first Mail relay server and after ESA gets it, it already has that BCC info as 'RCPT'.

However, why does Outlook see the RCPT then as someone else rather than the domain that received that email (because it was BCC'd).

Example:
From: possible@phishing.com

To: random@email.com

Yet I receive it on my personal e-mail, which is not random@email.com. Of course, I know I was BCC'd here, but still on the other hand we talk that ESA cannot detect that... however, somehow the ORIGINAL 'To' information was forwarded to Outlook.

How can I get that original 'To' in ESA logs? I would create a filter that would say:

if( originalTo != esaTo ) { 
drop();
}




Kindly ask for assistance here.

Thanks.

dw

0 Replies 0