Hello guys,
I have read that by RCP standard it is not possible to detect BCC fields with ESA, because they are known only to first Mail relay server and after ESA gets it, it already has that BCC info as 'RCPT'.
However, why does Outlook see the RCPT then as someone else rather than the domain that received that email (because it was BCC'd).
Example:
From: possible@phishing.com
To: random@email.com
Yet I receive it on my personal e-mail, which is not random@email.com. Of course, I know I was BCC'd here, but still on the other hand we talk that ESA cannot detect that... however, somehow the ORIGINAL 'To' information was forwarded to Outlook.
How can I get that original 'To' in ESA logs? I would create a filter that would say:
if( originalTo != esaTo ) {
drop();
}
Kindly ask for assistance here.
Thanks.
dw