Ways it can be handled is for the MUA to submit the BCC header to the
MSA and have it remove the header while cloning the message to create
one master and one copy for each BCC listing only the Address, have
the MSA scan the To and CC assuming that any RCPT-TOs not there are
BCCs and do the cloning, OR add a BCC indicator to the RCPT-TO and do
the cloning. Not that the first 2 alter the MSA while the last alters
both the MSA and MUA.
It's certainly possible to have the MSA make the message copy, but we'd
need to define an extension for that. No such extension exists AFAIK.
Given the lack of such an extension at present, it's up to the MUA to do it.
With the understanding that the primary goal is to prevent other recipients
from being aware of the bcc, this inevitably leads to not mentioning the bcc
recipient in the header the other recipients see. The simple way that most (but
by no means all) user agents employ is to send a single copy and only have the
bcc recipient in the envelope. This can be improved on by sending (n+1) copies,
where n is the number of bcc recipients, one for all the other recipient and
one for each bcc with their address in a bcc field.
As I said previouly, the choice between the two is primarily an implementation
quality issue. The additional bandwidth consumption involved is rarely if ever
worth worrying about, even for mobile devices. (And in the mobile case, if the
message is large it's likely being forwarded at least in part, and we have
other ways to address that.)
In any case there needs to be some way of indicating the BCC
contents. Note that there needs to be a way of triggering the
insertion/display of the BCC listing only the recipient in the
recipient's copy of the message that WILL NOT get triggered by a
normal Mailing List message. Options 1 and 3 above qualify since
there is a indication to the MSA to clone the message with a BCC.
Option 2 since it triggers via a mismatch between the To/CC contents
and that of the RECPT-TO will be the problem since there would be no
difference to the MSA between a BCC and a Mailing List generated
message.
There are all sorts of ways of doing it. The real question is whether
or not it's worth the bother at this late date, especially since
clients cannot count on the extension being present and therefore
have to have a fallback option. It won't do to expose bcc recipients
when the extension isn't available.
Ned