What is the syntax to query All Messages with a Blank To: line in the Cloud Protection Layer or Email Security Gateway?
A vast majority of emails which get by BRTS and Intent Analysis filters often do not have recipients in the To: line due to BCC: usage.
Barracuda adds a dash, when the To: line is blank; however, the dash is not searchable. Note: these are not email is the Undisclosed Recipients attribute which is searchable.
To assist in threat hunting, we have not been able to figure out this syntax out.
Any assistance is appreciated.
Phishing email text.
< Click me >