[Top] [All Lists]

Re: 2822 To: header (was Re: [ietf-dkim] Mailing lists as 2822-Sender)

2007-12-06 07:22:24

David F. Skoll wrote:
Hector Santos wrote:

[David Skoll]
Otherwise, you risk exposing Bcc: addresses.

[Ned Freed]

[Hector Santos]
I don't see it Ned, and reviewing this is putting a hurting on my brain.

In direct offline response to your BCC concern, but you moved back here and failed to show an important pieces of the response, what I said off-list can be summarized as follows:

A) The MUA is responsible for pulling the BCC, so there is no risk of exposure.

B) In the rare scenario where there the MUA creating a Multiple To:, and a Bcc message, and there is no headers sent, there is no risk because there were be 2 or more separate messages created by the post mail processor, not MSA or MDA, one for each and each one assigned a TO: with its corresponding recipient address. So there is absolute no risk of exposure.

As to why it may done, I also said:

C) A primary reason, as Ned pointed out too, is to offer strict 822 compatibility.

D) The presentation layer is important here. Customers will REAM you
if you don't tell in the the To: field in presentation devices.

E) It might be assigned something else like "To: All" depending if the message is going to some special local conference forum or even gated newsgroup.

F) There are still applications, like prints, instant message, cell phone text mail, even fax jobs where local mail bots are used.

All was in direct response to the concern you had with BCC.


Hector Santos, CTO

<Prev in Thread] Current Thread [Next in Thread>