Alerting

Adding emails to Trusted group

im_bharath
Path Finder

Hello All, 

Currently we have setup the use case to send the emails whenever a condition is satisfied and an alert is fired up.

My concern is whenever the email is received we are receiving the address in the FROM field as "abc.xyz+untrusted@jkl.com",   and we think that some mail boxes are not getting these emails from the specific untrusted email address, 

please correct me if i am misunderstood. 

Also, is there a way to add this "abc.xyz@jkl.com" to the trusted email group or something like that?

or is there a different way to get the actual email address instead of the +untrusted email whenever an email is sent out from splunk.

Hope this makes sense. 

Thanks, 

Labels (3)
0 Karma

im_bharath
Path Finder

Okay Thanks for the suggestions.. i will reach out to our exchange team and see if they can provide a solution and will post the outcome here.

Thanks.  

0 Karma

VatsalJagani
SplunkTrust
SplunkTrust

@im_bharath - I think this is being done by your email security system rather than Splunk.

 

I hope this helps!!!

0 Karma

isoutamo
SplunkTrust
SplunkTrust

Hi

as @VatsalJagani said this syntax ab.cd+something@foo.bar is used by some mail systems to reroute addresses to correct recipient by that "+something". So you must contact to your email provider to add that new domain to trusted ones.

r. Ismo

0 Karma

richgalloway
SplunkTrust
SplunkTrust

If you use on-prem Splunk Enterprise then you can set the From email address to any value you wish.  If you use Splunk Cloud then the From address cannot be changed.

Either way, I get the impression "+untrusted" is being added to the From field after the message leaves Splunk - probably by your email service.  You should talk to your email admin about that.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Get Updates on the Splunk Community!

Deprecation of Splunk Observability Kubernetes “Classic Navigator” UI starting ...

Access to Splunk Observability Kubernetes “Classic Navigator” UI will no longer be available starting January ...

Now Available: Cisco Talos Threat Intelligence Integrations for Splunk Security Cloud ...

At .conf24, we shared that we were in the process of integrating Cisco Talos threat intelligence into Splunk ...

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...