Jump to content


Photo

Syntax to query Message Log for emails with a blank To: line?


  • Please log in to reply
No replies to this topic

#1 Glenn Zarate

Glenn Zarate
  • Members
  • 1 posts

Posted 18 October 2018 - 11:46 AM

What is the syntax to query All Messages with a Blank To: line in the Cloud Protection Layer or Email Security Gateway?

A vast majority of emails which get by BRTS and Intent Analysis filters often do not have recipients in the To: line due to BCC: usage.

Barracuda adds a dash, when the To: line is blank; however, the dash is not searchable. Note: these are not email is the Undisclosed Recipients attribute which is searchable.

To assist in threat hunting, we have not been able to figure out this syntax out.

Any assistance is appreciated.

 

 

Example:

From: badguy@yahoo.com

To: -    

 

Phishing email text.

< Click me >