At 8:21 AM -0800 2/28/12, Ned Freed wrote:
> (Not to mention that bcc "fields" should not exist anyway - that's the
whole point)
Strongy disagree. The problem with implementations that cheat and implement
Bcc: by generating a single message copy with the Bcc: addresses only
appearing in the envelope is that those recipients do not get any sort
of indication that that were Bcc:'ed. If they don't realize that and
do a reply-all, the cat's out of the bad and the sender may be in big
trouble.
Another source of potential BCC leakage are MTAs, which might record
all local recipients. Most MTAs only record the recipient in a
"Received:" header field if there is only one, but there have been
some which record all. If the MUA generates multiple message objects
and transactions, it no longer relies on the MTAs also not letting
the feline escape its confinement/concealment.
And since users are careless, it really makes a lot of sense for MUAs
to check and see if they are doing a reply-all to a message that was Bcc:'ed
to them. That's only possible if a Bcc: field is present in their copy
of the message.
Good point.
In short, this is an implementation quality issue. The MUA I'm using to
enter this messages handles all of this correctly.
Ned
--
Randall Gellens
Opinions are personal; facts are suspect; I speak for myself only
-------------- Randomly selected tag: ---------------
Politics offers yesterday's answers to today's problems.
--Marshall McLuhan