Posted 07 April 2010 - 09:15 PM
Honesty & Integrity Above All!
Posted 08 April 2010 - 12:00 PM
Note there is a potential security flaw in the BCC feature. According to the conventions of the SMTP protocol, all addresses, including BCC addresses, are included in every email as it is sent over the Internet. The BCC addresses are stripped off blind copy email only at the destination email server. Therefore, if the addressee controls their email server or can access it, they could examine the BCC addresses on every email they receive. SMTP is designed this way for a couple of reasons:
* Efficiency. It would take a lot more code and processing time to create a unique addressee list for each email to each BCC destination.
* Efficiency again. With this convention, only one email needs to be sent to each domain. The email server at each domain reads all of the BCC addresses and sends a copy of the email (without any addresses) to each of the recipients at its domain.
Very occasionally, an email server will be misconfigured and not strip off the BCC list on email it sends to its local users, revealing the complete blind copy address field to users that receive the email at that domain. Therefore, BCC is very good but not perfect at keeping addresses confidential, and should not be relied on for the most critical and sensitive of communications. To avoid this problem you can always send the email to the main addressee, and then forward it the old-fashioned way to those that you wish to have a copy.
Edited by Ken-in-West-Seattle, 08 April 2010 - 12:03 PM.
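An added example, not part of the post above: one way for a sender to avoid depending on any server to strip the blind-copy list is to remove the `Bcc` header before the message is handed off and carry those recipients only as delivery (envelope) addresses, and a recipient-side check can flag delivered mail that still has a `Bcc` header. The function names and the example.org / example.net addresses are constructed for illustration.

```python
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import getaddresses

BLIND_HEADERS = ("Bcc", "Resent-Bcc")

def _addresses(msg, names):
    """Collect lower-cased addresses from the named header fields."""
    fields = []
    for name in names:
        fields.extend(str(v) for v in msg.get_all(name, []))
    return sorted({addr.lower() for _, addr in getaddresses(fields) if addr})

def split_envelope(msg):
    """Return (envelope_recipients, wire_text) with blind-copy headers removed."""
    recipients = _addresses(msg, ("To", "Cc") + BLIND_HEADERS)
    # Work on a parsed copy so the caller's message object is left untouched.
    wire = message_from_string(msg.as_string(), policy=policy.default)
    for name in BLIND_HEADERS:
        del wire[name]  # no error if the header is absent
    return recipients, wire.as_string()

def leaked_blind_copies(raw):
    """Addresses exposed by a Bcc header left in a delivered message."""
    msg = message_from_string(raw, policy=policy.default)
    return _addresses(msg, BLIND_HEADERS)

def build_sample():
    """Constructed sample message with two blind-copy recipients."""
    msg = EmailMessage()
    msg["From"] = "alice@example.org"
    msg["To"] = "bob@example.org"
    msg["Bcc"] = "carol@example.net, dave@example.net"
    msg["Subject"] = "Quarterly numbers"
    msg.set_content("See attached.")
    return msg

if __name__ == "__main__":
    sample = build_sample()
    rcpts, wire = split_envelope(sample)
    print("envelope recipients:", rcpts)
    print("leak in stripped copy:", leaked_blind_copies(wire))
    print("leak in unstripped copy:", leaked_blind_copies(sample.as_string()))
```

The recipient list returned by `split_envelope` is what would be passed to the mail transport as delivery addresses, while only the stripped text is sent as the message itself.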