Hello All,
Currently we have setup the use case to send the emails whenever a condition is satisfied and an alert is fired up.
My concern is whenever the email is received we are receiving the address in the FROM field as "abc.xyz+untrusted@jkl.com", and we think that some mail boxes are not getting these emails from the specific untrusted email address,
please correct me if i am misunderstood.
Also, is there a way to add this "abc.xyz@jkl.com" to the trusted email group or something like that?
or is there a different way to get the actual email address instead of the +untrusted email whenever an email is sent out from splunk.
Hope this makes sense.
Thanks,
Okay Thanks for the suggestions.. i will reach out to our exchange team and see if they can provide a solution and will post the outcome here.
Thanks.
@im_bharath - I think this is being done by your email security system rather than Splunk.
I hope this helps!!!
Hi
as @VatsalJagani said this syntax ab.cd+something@foo.bar is used by some mail systems to reroute addresses to correct recipient by that "+something". So you must contact to your email provider to add that new domain to trusted ones.
r. Ismo
If you use on-prem Splunk Enterprise then you can set the From email address to any value you wish. If you use Splunk Cloud then the From address cannot be changed.
Either way, I get the impression "+untrusted" is being added to the From field after the message leaves Splunk - probably by your email service. You should talk to your email admin about that.