[Top] [All Lists]

Re: "proper" handling of BCC

2012-05-23 09:03:08

Hector Santos wrote:

The point is that AFAIK for a long time, the way it worked for most systems, the BCC is stripped and two mail streams are sent. (I am going to do a test with my TBIRD shortly to confirm, but I use to use OE and it was the same way.)

That means the end-point MUA will never really know unless:

  - The BCC is kept in the 2nd Private Stream Only,

  - A special top note is written making the reader aware of the
    privacy nature.

According to the TBIRD test, it stripped the BCC, and used one transaction (with two RCPT TO). I just did the test with OE, and the same happen.

Our PX MUA creates two messages, one with the special privacy note. I don't see off hand how this can be otherwise be done currently today without some new IETF MSA proposal that the source MUA is aware of. If its going to use a single transaction with multiple RCPT TO lines, the RCPT TO: needs an attribute or a new command - RCPT BCC: or something like that.

But the fact that its one transaction, to me, the design assumption by these MUA is that the backend is not expected to do anything here, and its doesn't expect the MSA to reconstruction the distribution list. That would be a major flaw here when it comes to the BCC.


<Prev in Thread] Current Thread [Next in Thread>