[Top] [All Lists]

Re: "proper" handling of BCC

2012-05-23 08:00:14


When I added this special note to our MUA (PX - Platinum Xpress) it was due because there was no current way to get this information to the BCC target. Since the PX MUA was specifically written for sysops, this activity would be higher than normal and it was important any BCC would get a top-posting note. MIME was not an issue at the time. It was all pure text.

Even if there was a IETF proposal, it would be for the new stuff, and you could not take a chance any IETF protocol level support not be available, so the PX MUA had to do it.

I don't see how it be done without the sending, mail creation MUA have some knowledge about it or knowledge the backend will do it. That is why in my last post, I winged it with using a SMTP extension proposal using a BLIND keyword.

  The BLIND[=options]

  NOTE - MSA router MAY add the "This is blind copy" body text
  BCC  - MSA router MAY add the 5322.BCC for the blind recipient only.

  none - MSA router decides.
          - For MIME mail, assume BLIND=BCC
          - For text/plain simple mail, assume BLIND=NOTE

The point is that AFAIK for a long time, the way it worked for most systems, the BCC is stripped and two mail streams are sent. (I am going to do a test with my TBIRD shortly to confirm, but I use to use OE and it was the same way.)

That means the end-point MUA will never really know unless:

  - The BCC is kept in the 2nd Private Stream Only,

  - A special top note is written making the reader aware of the
    privacy nature.

I don't know if this answers your questions. I am just looking at the technical aspects of it on how to technically implement it today. No matter what, BCC targets must be made aware somehow so they they don't mistakenly reply to all and that can only be done at the source today (or the client MUA is 100% aware of its backend server MSA is going to this work).


Robert A. Rosenberg wrote:

At 16:14 -0400 on 04/15/2012, Robert A. Rosenberg wrote about Re: "proper" handling of BCC:

At 10:04 -0500 on 03/01/2012, Hector Santos wrote about Re: "proper" handling of BCC:

There is also the consideration regarding displaying. The MUA may want to inform the BCC recipient to the privacy nature of the message:


Query - For issuing this message, how do you determine that the recipient is getting a copy of the message without being listed in a To or Cc header due to being BCC'ed or being subscribed to a mailing list (or do you treat a mailing list received copy as a BCC'ed copy)?

I ignore the case of being listed in a To or Cc as a suppressed address (ie: Group-Name:add1, add2, etc. ;) since the existence of a group-name:; comment implies a hidden BCC list.

I asked this question over a month ago and there were a number of replies which branched off from my query but did not answer it (due to misunderstanding my question or shoving the support onto the MSA).

Thus I will ask it and try to be more explicit in what I want to understand.

The situation is that I have just received a normal message with NO explicit indication that I was BCC'ed in the message body or via a header. IOW: I am not listed in the supplied TO or CC header (although I may be listed in a Received For clause if I am the only recipient in my domain).

This BCC delivery would be due to being listed in the BCC header by the sender, being listed in a Group-name:address-1, address-2,etc.; address in the To or Cc header (shown in the received message as Group-name:;), or being sent the message by a mailing list. As I state, I will ignore the mailing list delivery as non-BCC (assuming that there is a List-ID header to flag this) and ask ONLY about the other two which are true cases of being BCC'ed.

With that out of the way, I am reading a received message and want my MUA to warn me that replying will expose to whoever I reply to via Reply-To-All (ie: The To,Cc,From/Sender addresses) that I received a copy (even though not listed as To or Cc). Note that this is a warning that the MUA sends me when I try to queue/send the reply.

My question is how would it decide that I should be warned in lieu of the message actually getting queued/sent. I will assume a sanity-check that the warning should NOT be raised if the message being replied to has a List-ID header (ie: It is OK to reply to mailing list messages since if you only want to lurk/monitor you should be cognizant of the fact the message came from a mailing list and it is your fault for responding if you do not want to indicate you are subscribed). Thus we are talking about only true BCC'ed messages. The only way I can see for the MUA to detect this is to look for me in the To and Cc headers and not finding me there (and not finding a List-ID) to issue the warning.

<Prev in Thread] Current Thread [Next in Thread>