FortiMail provides advanced, multi-layer protection against the full spectrum of email-borne threats
Article Id 253928
Description This article describes how to detect emails that are missing the 'To:' header.
Scope FortiMail.

A DLP profile will not detect any email that has both 'From:' AND 'To:' in its headers. This means that if the 'From:' tag is present, the email will only be detected if there is no 'To'.

Enable the DLP feature using the following hidden command if it is not already enabled:


# config system global

    set data-loss-prevention enable


Navigate to Data Loss Prevention -> Rule & Profile -> Rule in the GUI and create a new DLP rule. Give it a regex header condition ^From:.*$ and add a regex header exception ^To:.*$. See the screenshots below:


Rule Condition.png

 Rule Exception.png


Create a DLP profile and assign the previously created DLP rule to the profile. Finally, apply the DLP profile to the concerned recipient policy or policies.