Bcc

[John]

I am sending out newsletters to my customers by sending
to myself and doing a Bcc to my customers, but if the
customer right clicks on the e mail, selects properties
then details he can see everyones e mail addresses.

Surely the whole idea of Bcc is to hide the other
recepients details.

Any ideas on a fix would be welcome.

 

[Lanwench [MVP - Exchange]]

Have you seen this demonstrated in person? BCC should absolutely not allow
for this....only the sender can see the recipient addresses in that field.

 

[*Vanguard*]

John said in news:[email protected]:

I am sending out newsletters to my customers by sending
to myself and doing a Bcc to my customers, but if the
customer right clicks on the e mail, selects properties
then details he can see everyones e mail addresses.

Surely the whole idea of Bcc is to hide the other
recepients details.

Any ideas on a fix would be welcome.

You actually have a *recipient* of your message that can right-click on
the Bcc field to see the list of recipients? Or is it YOU that is
clicking on YOUR sent copy of your message and can see the Bcc list?

 

[John]

-----Original Message-----
John said in news:165de01c447d2$62e42680 [email protected]:

You actually have a *recipient* of your message that can right-click on
the Bcc field to see the list of recipients? Or is it YOU that is
clicking on YOUR sent copy of your message and can see

the Bcc list?

It is the recepient that can see the Bcc list

 

[Guest]

-----Original Message-----
Have you seen this demonstrated in person? BCC should absolutely not allow
for this....only the sender can see the recipient

addresses in that field.

Yes I've seen it, try it yourself!

 

[Lanwench [MVP - Exchange]]

Yes I've seen it, try it yourself!

I have done - never seen it fail to hide the BCC field. That's what the B
is - "blind". Only the sender can see the contents. What field is the sender
seeing the recipients in?

Perhaps you ought to talk to your ISP or that of the recipients....some
older SMTP servers might mess this up, but even in that case not usually
when there's *something* specified in the TO field as well, such as the
sender's own e-mail address.

 

[*Vanguard*]

John said in news:[email protected]:

It is the recepient that can see the Bcc list

Possibilities are:

- You really are not using Outlook. Outlook does NOT insert a BCC
header in the message body (which is both the headers as defined and
inserted in the DATA command to the SMTP server along with the content
of the message; i.e., they really are not separate pieces of the
message). Perhaps you are using a plug-in or 3rd party product to send
your "newsletters" and it is inserting the Bcc header. The *sender*
dictates what headers will get inserted into the message (other than
those that get prepended, if any, by each relay or by the mail servers).
If you read RFC 2822, "Internet Message Format", the To, Cc, and Subject
headers are optional (they may appear zero or one times) and are created
by the *sender*, not by the sending mail server (because they are not
part of the commands sent between the client e-mail program and the mail
server). The mail server cannot do anything about a client program
inserting the Bcc header, or any other headers, like those X-<something>
non-standard headers that are often used for special purposes. The From
header, according to RFC 2822, is required (but some mail servers don't
check) and that it must contain a "mailbox-list" but, again, many mail
servers don't check (and why some users will complain about getting a
blank From header in a received message). For SMTP defined by RFC 2821
(you didn't mention what server type you use), the RCPT commands sent
from the mail client to the mail server are used to define the
recipients of the message, not the To, Cc, and Bcc headers with are
merely *data* within the message. The list of recipients specified by
the RCPT command are *NOT* listed in the headers prepended by the mail
server. Unless the mail client inserts its own Bcc header (which is
data, not a command or directive), the recipient won't know what
recipients were listed in the RCPT commands issued to the sending mail
server.

- I recall reading about some really old mail servers that violated the
RFCs by not stripping out any Bcc header that the mail client might have
inserted. The RFCs aren't quite clear as to which end is responsible.
I believe they mention that the sending mail server should remove it
but, if not, then the receiving mail server should strip it out.
However, leaving it up to the receiving mail server means you are
relinquishing control to an uncontrolled mail server and its peculiar
and perhaps non-standard behaviors.

- You are using some misconfigured or rogue mail server that itself
inserts a Bcc header into your message consisting of a compendium of all
recipients that were specified in the RCPT commands that were sent to
that mail server. Contact your ISP. If they don't change then wonder
for what purpose they chose to disobey Internet standards. Maybe they
are idiots and think this is some anti-spam measure (so recipients won't
know that you delivered your boilerplate message to thousands of
recipients and they aren't special). However, that violates the
expected privacy of recipients that no one but the sender has their
e-mail address.

So you might be using Outlook but something else is inserting the Bcc
header. Could be a plug-in or mail-merge tool that generates the body
of the message and adds the Bcc header and then just uses Outlook to do
the sending. Could be a problem with your mail server. The recipients
listed in the Bcc header should never see each other's e-mail addresses
because the Bcc header should never exist. Note that RFC 2822 *does*
allow the insertion of the Bcc header; i.e., it may appear zero or one
times - but that is part of the *data* of the message that your e-mail
client or something generating or modifying its data stream puts into
the message, and should not be something inserted by your mail server.

While http://www.cis.ohio-state.edu/cgi-bin/rfc/rfc2822.html#sec-3.6.3
gets vague as to how the Bcc field is handled, I've have never had a
recipient that actually had a Bcc header in my message that they
received where recipients were listed in the Bcc field in Outlook. What
happens if you use Outlook Express or the webmail interface to your
e-mail account, if available?

 

[Francine Otterson]

John,

When I tested this I am only able to see the prosperities of those listed in
TO: and FROM: fields. Actually the BCC field does not even appear when you
send an email.

I am using Outlook 2003 so I am not sure if this makes a difference.

 

[Alexander Gorlach]

Hello!

It is impossible, but you can take Send Personally add-in (
http://www.mapilab.com ) to avoid it.

-----Original Message-----
From: John [mailto:[email protected]]
Posted At: Wednesday, June 02, 2004 11:29 AM
Posted To: microsoft.public.outlook.general
Conversation: Bcc
Subject: Re: Bcc

-----Original Message-----
John said in news:165de01c447d2$62e42680 [email protected]:

You actually have a *recipient* of your message that can right-click on
the Bcc field to see the list of recipients? Or is it YOU that is
clicking on YOUR sent copy of your message and can see

the Bcc list?

It is the recepient that can see the Bcc list

--
_________________________________________________________ ___
*** Post replies to newsgroup. Share with others.
*** Email domain = ".com" *AND* append "=NEWS=" to Subject.
___


.

 

[Babylon]

Hi.

I really don't understand why people are so definite with their
replies when there are always possibilities. Perhaps you think MS
products do not have errors?!

"Vanguard" gave a verbose rejection of the possibility that Outlook or
a 'good' mail server would send out Bcc information. Mr Gorlach takes
this to the extreme by saying it is "impossible".

Well, actually, it does happen. Proof:

MS Outlook 2002, SP3 on Xp Pro SP1. Using Exchange 5.5 SP4 and
Exchange 2000 SP3 sending through SMTP connector on E2K to PMDF
(Solaris) system. Message sent to Hotmail account as Bcc. One other
address added to Bcc. No Address in the To field.

(ANSWER FOR JOHN >>> All is ok if at least one address is in the To
field<<<).

Hotmail message looks like this: (the names have been changed to
protect the innocent)

-----------------------------------------------------------

From : surname, firstname <[email protected]>
Sent : Thursday, July 8, 2004 9:28 AM

To : (e-mail address removed), (e-mail address removed) <<<=== Look!

Subject : From OL2002, No To address, 2 x Bcc addresses

| | | Inbox

MIME-Version: 1.0
Received: from smtpmail.myorg.org ([999.999.2.12]) by
mc6-f31.hotmail.com with Microsoft SMTPSVC(5.0.2195.6713); Thu, 8 Jul
2004 02:28:34 -0700
Received: from CONVERSION-DAEMON.smtpmail.myorg.org by
smtpmail.myorg.org (PMDF V6.2-X17 #30673) id
<[email protected]> for (e-mail address removed); Thu, 08
Jul 2004 11:28:59 +0200 (MEST)
Received: from server1.myorg.org (server1.myorg.org [999.999.2.80]) by
smtpmail.myorg.org (PMDF V6.2-X17 #30673) with ESMTP id
<[email protected]>; Thu, 08 Jul 2004 11:28:58
+0200 (MEST)
X-Message-Info: JGTYoYF78jEtIims3qFfQT3z7KsBOhfd
Message-id: <[email protected]>
X-MIMEOLE: Produced By Microsoft Exchange V6.0.6487.1
Thread-Topic: From OL2002, No To address, 2 x Bcc addresses
thread-index: AcRkzesHYQUYaVAGRUeRzpZO7foIiw==
Content-Class: urn:content-classes:message
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Return-Path: (e-mail address removed)
X-OriginalArrivalTime: 08 Jul 2004 09:28:35.0056 (UTC)
FILETIME=[F12D2F00:01C464CD]

--------------------------------------------------------------------------------

View E-mail Message Source
Content-Type: multipart/alternative;
boundary="Boundary_(ID_K2O4EJzxUPhKR8glUgYq1g)"
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7BIT

Test
From OL2002, No To address, 2 x Bcc addresses

-----------------------------------------------------------

Have a nice day!

Babylon

Hello!

It is impossible, but you can take Send Personally add-in (
http://www.mapilab.com ) to avoid it.

-----Original Message-----
From: John [mailto:[email protected]]
Posted At: Wednesday, June 02, 2004 11:29 AM
Posted To: microsoft.public.outlook.general
Conversation: Bcc
Subject: Re: Bcc

-----Original Message-----
John said in [email protected]:
I am sending out newsletters to my customers by sending
to myself and doing a Bcc to my customers, but if the
customer right clicks on the e mail, selects properties
then details he can see everyones e mail addresses.

Surely the whole idea of Bcc is to hide the other
recepients details.

Any ideas on a fix would be welcome.

You actually have a *recipient* of your message that can right-click on
the Bcc field to see the list of recipients? Or is it YOU that is
clicking on YOUR sent copy of your message and can see

the Bcc list?

It is the recepient that can see the Bcc list

--
_________________________________________________________ ___
*** Post replies to newsgroup. Share with others.
*** Email domain = ".com" *AND* append "=NEWS=" to Subject.
_________________________________________________________ ___


.

 

[Brian Tillman]

I really don't understand why people are so definite with their
replies when there are always possibilities. Perhaps you think MS
products do not have errors?!

"Vanguard" gave a verbose rejection of the possibility that Outlook or
a 'good' mail server would send out Bcc information. Mr Gorlach takes
this to the extreme by saying it is "impossible".

Well, actually, it does happen. Proof:

MS Outlook 2002, SP3 on Xp Pro SP1. Using Exchange 5.5 SP4 and
Exchange 2000 SP3 sending through SMTP connector on E2K to PMDF
(Solaris) system. Message sent to Hotmail account as Bcc. One other
address added to Bcc. No Address in the To field.

What makes you think it's not PMDF or the PMDF/E2K channel? Neither of
those are MS products. Talk to Process Software. Perhaps they've heard of
it.