Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Need some Outlook input!


  • Please log in to reply
1 reply to this topic

#1 OldPhil

OldPhil

    Doppleganger


  • Members
  • 4,130 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Long Island New York
  • Local time:11:58 PM

Posted 07 April 2010 - 09:15 PM

Odd thing happened while entering an address in Outlook, I typed the name of the person and Outlook completed the address! How the heck did Outlook know what the tail end was?? What I finally surmised is that I have received mail but "ONLY" as blind copies with this address, I have never received or sent mail to this person, that leads me to believe that Outlook stores all incoming addresses even if they are blind copies. This seems like a privacy issue to me, if OL stores addresses then they can possibly be retrieved by an outside source.

Phil

Honesty & Integrity Above All!


BC AdBot (Login to Remove)

 


#2 Ken-in-West-Seattle

Ken-in-West-Seattle

  • Members
  • 518 posts
  • OFFLINE
  •  
  • Local time:08:58 PM

Posted 08 April 2010 - 12:00 PM

This is more historic than anything else I believe. Current email servers, smtp servers and even clients strip the bcc info out if it makes it past the previous system in the mailroute. It was handled differently in very early mail servers.

There was an early version of exchange server and a couple of the older MS mail disasters that did not properly create or parse the bcc field, but I am pretty sure those are no longer in use.

http://www.livinginternet.com/e/ea_bcc.htm


Note there is a potential security flaw in the BCC feature. According to the conventions of the SMTP protocol, all addresses, including BCC addresses, are included in every email as it is sent over the Internet. The BCC addresses are stripped off blind copy email only at the destination email server. Therefore, if the addressee controls their email server or can access it, they could examine the BCC addresses on every email they receive. SMTP is designed this way for a couple of reasons:

* Efficiency. It would take a lot more code and processing time to create a unique addressee list for each email to each BCC destination.

* Efficiency again. With this convention, only one email needs to be sent to each domain. The email server at each domain reads all of the BCC addresses and sends a copy of the email (without any addresses) to each of recipients at its domain.

Very occasionally, an email server will be misconfigured and not strip off the BCC list on email it sends to its local users, revealing the complete blind copy address field to users that receive the email at that domain. Therefore, BCC is very good but not perfect at keeping addresses confidential, and should not be relied on for the most critical and sensitive of communications. To avoid this problem you can always send the email to the main addressee, and then forward it old fashioned-way to those that you wish to have a copy.



This link is the current smtp spec:
http://www.ietf.org/rfc/rfc2821.txt


and an overview and history of smtp from wikipedia.
http://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol

Note: most of the changes in smtp were made in the 90's to try and combat spam. I only worked for a few months until spammers changed tactics.

Edited by Ken-in-West-Seattle, 08 April 2010 - 12:03 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users