Security Considerations
Both RFC 2821 and RFC 2822 discuss problems with Bcc: in their "Security Considerations" sections, in part because, as mentioned above, the processing for the Bcc: header is not standardized and there are several different ways that it can commonly be implemented.
- RFC 2821 notes that some mail systems will add private headers showing all recipients that the e-mail was sent to, thus leaking the Bcc: list.
- RFC 2822 notes three problems:
  - If the Bcc: header is completely removed, people who receive a blind copy may not notice that they are on neither the To: nor the Cc: header and may reply to everyone, thus leaking that blind copies were sent.
  - If the Bcc: header is not removed for people being sent a blind copy, then all blind copy recipients will know who got blind copies.
  - If the email addresses on the Bcc: header are removed, but the header is not, this will leak the fact that some blind copies were sent.
- E-mail spam occasionally uses Bcc: to create fake accidental leaks of confidential information, e.g. in a variant of the pump and dump scheme.
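
The three RFC 2822 cases in the list above can be checked mechanically. The following Python sketch is an added example, not code from either RFC or from any mail system: it builds each recipient's copy under the three Bcc: handlings and reports what that copy discloses. The strategy names (`strip`, `keep`, `empty`), the function names, the finding strings and all addresses are assumptions made for illustration.

```python
import copy
from email.message import Message
from email.utils import getaddresses

def addrs(msg, *names):
    """Lower-cased addresses found in the named headers of msg."""
    values = [v for n in names for v in msg.get_all(n, [])]
    return {a.lower() for _, a in getaddresses(values) if a}

def per_recipient_copies(msg, strategy):
    """Build each recipient's copy under one Bcc: handling:
    'strip' = header removed for everyone,
    'keep'  = header left intact on blind copies only,
    'empty' = header kept for everyone but its addresses removed."""
    blind = addrs(msg, "Bcc")
    copies = {}
    for rcpt in sorted(addrs(msg, "To", "Cc") | blind):
        c = copy.deepcopy(msg)
        if strategy == "strip" or (strategy == "keep" and rcpt not in blind):
            del c["Bcc"]
        elif strategy == "empty":
            del c["Bcc"]
            c["Bcc"] = ""
        copies[rcpt] = c
    return copies

def audit(msg, strategy):
    """Return {(recipient, finding)} for what each copy discloses."""
    blind, findings = addrs(msg, "Bcc"), set()
    for rcpt, c in per_recipient_copies(msg, strategy).items():
        if addrs(c, "Bcc") - {rcpt}:
            findings.add((rcpt, "sees other Bcc recipients"))
        elif "Bcc" in c and rcpt not in blind:
            findings.add((rcpt, "learns blind copies exist"))
        if rcpt in blind and "Bcc" not in c and rcpt not in addrs(c, "To", "Cc"):
            findings.add((rcpt, "no cue against reply-all"))
    return findings

def sample():
    """Constructed message; all addresses are made up."""
    m = Message()
    m["From"] = "alice@example.org"
    m["To"] = "bob@example.org"
    m["Cc"] = "carol@example.org"
    m["Bcc"] = "dave@example.net, erin@example.net"
    m["Subject"] = "Q3 draft"
    m.set_payload("Draft attached.\n")
    return m
```

Calling `audit(sample(), s)` for each strategy shows that every handling trades one disclosure for another, which is why the choice has to be made deliberately per deployment.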