An MSA listening on either port 25 or 587 should NOT be looking at
To/Cc/Bcc headers. They should only be looking at RCPT TO. See RFC 2476.
Tony Hansen
tony(_at_)att(_dot_)com
Nathaniel Borenstein wrote:
OK, fine, got me again, I meant an MSA -- which is generally, in
practice, the same code as an MTA, but functioning as an MSA (e.g.
sendmail listening on port 25 or 587 for message submission).
As to why this is worse than the similar situation with To/CC/etc
(Keith's question) -- nobody ever *intends* for those field values to be
hidden from the recipient, as they do with bcc. -- Nathaniel