Re: "proper" handling of BCC
John C Klensin <john+smtp <at> jck.com>
2012-05-23 05:48:21 GMT
--On Tuesday, May 22, 2012 23:45 -0400 "Robert A. Rosenberg"
<hal9001 <at> panix.com> wrote:
> The situation is that I have just received a normal message
> with NO explicit indication that I was BCC'ed in the message
> body or via a header. IOW: I am not listed in the supplied TO
> or CC header (although I may be listed in a Received For
> clause if I am the only recipient in my domain).
> This BCC delivery would be due to being listed in the BCC
> header by the sender, being listed in a Group-name:address-1,
> address-2,etc.; address in the To or Cc header (shown in the
> received message as Group-name:;), or being sent the message
> by a mailing list. As I state, I will ignore the mailing list
> delivery as non-BCC (assuming that there is a List-ID header
> to flag this) and ask ONLY about the other two which are true
> cases of being BCC'ed.
There is another case, which is that of a non-enumerated group,
i.e., something like "Group-name:;" rather than
"Group-name:address...;". This could lead to a long
philosophical discussion, but I'd argue that your receiving a
message in which your Group syntax is used but your address does
not appear explicitly is a lot more like a mailing list
situation than like a Bcc, except that "List-*" headers would
not be generated unless there is a mailing list involved too.
If you have headers of, e.g.,

    To: joe-blow <at> example.com, Somegroup:;
    cc: some-list <at> example.net

then presence of a set of List-* header fields would normally
indicate that you got the message from the list (warning, there
are a few edge cases that aren't hard to construct, as well as
list expanders that don't put in List-* header fields, that make
that test less than 100% reliable). Assuming that
joe-blow <at> example.com is not an alias pointing to you, the
absence of List-* headers would indicate either that you are a
member of "Somegroup" or that the message was a bcc to you.
Note also that

    To: joe-blow <at> example.com, Somegroup:;
    cc: Big-list: some-list <at> example.net;

is also permitted. Some would claim that its semantics are
exactly the same as the example above, others might try to
attribute meaning to the explicit use of group syntax. I have
no idea whether systems that generate "List-*" header fields
would consider them different or not.
> With that out of the way, I am reading a received message and
> want my MUA to warn me that replying will expose to whoever I
> reply to via Reply-To-All (ie: The To,Cc,From/Sender
> addresses) that I received a copy (even though not listed as
> To or Cc). Note that this is a warning that the MUA sends me
> when I try to queue/send the reply.
In the examples above, you need worry only about joe-blow and
the mailing list, since the group cannot be replied to and will
be dropped, often without warning, by most MUAs (the others will
get confused). I also note that, unless the membership of the
mailing list is available to all list members or perhaps the public,
the cases of "replying to a Bcc" and "replying to a message
delivered via the list" are not as different as you might
assume. In both cases, you are disclosing the fact that you
have received the message to people who might not have any other
way to know that. You sort of cover this below, but I want to
avoid any possible misunderstanding.
> My question is how would it decide that I should be warned in
> lieu of the message actually getting queued/sent. I will
> assume a sanity-check that the warning should NOT be raised if
> the message being replied to has a List-ID header (ie: It is
> OK to reply to mailing list messages since if you only want to
> lurk/monitor you should be cognizant of the fact the message
> came from a mailing list and it is your fault for responding
> if you do not want to indicate you are subscribed). Thus we
> are talking about only true BCC'ed messages. The only way I
> can see for the MUA to detect this is to look for me in the To
> and Cc headers and not finding me there (and not finding a
> List-ID) to issue the warning.
If there is no empty group syntax (for which "(undisclosed
recipients)" is a popular surrogate) and you trust the "List-*"
heuristic, then yes, that works and is the closest approximation
you can get. In practice, there is no way to know with complete
certainty. If an empty group --which, again, is not a bcc--
although you might consider it equivalent for your purposes-- is
present, then the distinction you are trying to make is pretty

Moving back to some of the answers that you don't believe are
relevant to your question, this situation is precisely why
senders who want to warn about inadvertent disclosure of bcc
recipients either insert explicit warnings into the first text/
body part or use a "forward"-like mechanism to send the original
message to the bcc recipient in encapsulated form (maybe also
with a warning).
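
The To/Cc/List-* heuristic discussed in this thread, as an added example that is not part of the original messages: Python's standard `email` package parses group syntax, so an MUA-side check can separate the "listed", "via list", "empty group" and "probable Bcc" cases before a reply-all is queued. The verdict names, the function names and the addresses sender@example.org and me@example.org are assumptions made for illustration.

```python
from email import message_from_string
from email.policy import default

def classify_delivery(raw, my_addrs):
    """Return (verdict, reply_all_targets) for a received message.

    Verdicts: 'listed' (I appear in To/Cc), 'list' (List-* fields present),
    'ambiguous' (an empty group such as "Somegroup:;" is present, so I may
    be a group member or a Bcc), 'probable-bcc' (none of the above).
    """
    msg = message_from_string(raw, policy=default)
    mine = {a.lower() for a in my_addrs}
    listed, empty_groups, targets = False, [], set()
    for name in ("From", "To", "Cc"):
        for hdr in msg.get_all(name, []):
            for grp in hdr.groups:
                # A named group with no mailboxes cannot be replied to.
                if grp.display_name is not None and not grp.addresses:
                    empty_groups.append(grp.display_name)
                for addr in grp.addresses:
                    spec = addr.addr_spec.lower()
                    if spec not in mine:
                        targets.add(spec)
                    elif name != "From":
                        listed = True
    # Heuristic only: some list expanders add no List-* fields.
    via_list = any(k.lower().startswith("list-") for k in msg.keys())
    if listed:
        verdict = "listed"
    elif via_list:
        verdict = "list"
    elif empty_groups:
        verdict = "ambiguous"
    else:
        verdict = "probable-bcc"
    return verdict, sorted(targets)

def should_warn(verdict):
    # Warn before a reply-all whenever my receipt is not visible in To/Cc.
    return verdict in ("ambiguous", "probable-bcc")

# Constructed sample based on the header example in the message above.
SAMPLE = ("From: sender@example.org\n"
          "To: joe-blow@example.com, Somegroup:;\n"
          "cc: some-list@example.net\n"
          "Subject: test\n\nbody\n")

if __name__ == "__main__":
    print(classify_delivery(SAMPLE, ["me@example.org"]))
```

The empty group is reported separately from the Bcc case because, as the reply says, it is not a Bcc even if a recipient chooses to treat it as equivalent.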