Hector Santos wrote:
The point is that AFAIK for a long time, the way it worked for most
systems, the BCC is stripped and two mail streams are sent. (I am going
to do a test with my TBIRD shortly to confirm, but I use to use OE and
it was the same way.)
That means the end-point MUA will never really know unless:
- The BCC is kept in the 2nd Private Stream Only,
- A special top note is written making the reader aware of the
privacy nature.
According to the TBIRD test, it stripped the BCC, and used one
transaction (with two RCPT TO). I just did the test with OE, and the
same happen.
Our PX MUA creates two messages, one with the special privacy note. I
don't see off hand how this can be otherwise be done currently today
without some new IETF MSA proposal that the source MUA is aware of.
If its going to use a single transaction with multiple RCPT TO lines,
the RCPT TO: needs an attribute or a new command - RCPT BCC: or
something like that.
But the fact that its one transaction, to me, the design assumption by
these MUA is that the backend is not expected to do anything here, and
its doesn't expect the MSA to reconstruction the distribution list.
That would be a major flaw here when it comes to the BCC.
--
HLS