FAQ / Miscellaneous / Q5004
Q5004
Question
I've recently noticed that emails I send with a Bcc: line are being delivered to their final destination with the Bcc: line still present.
Answer
Exim removes Bcc: lines only if you call it with the -t option (i.e. when it is acting partly as an MUA). It does not remove Bcc: lines that are present in incoming SMTP mail or command-line mail that does not use -t. Indeed, it should not remove them, because only the initiating software (i.e. the MUA) can tell what to do with Bcc: lines; any MTA software has to leave them alone. This is what RFC 2822 has to say about Bcc: The Bcc: field (where the “Bcc” means “Blind Carbon Copy”) contains addresses of recipients of the message whose addresses are not to be revealed to other recipients of the message. There are three ways in which the Bcc: field is used. In the first case, when a message containing a Bcc: field is prepared to be sent, the Bcc: line is removed even though all of the recipients (including those specified in the Bcc: field) are sent a copy of the message. In the second case, recipients specified in the To: and Cc: lines each are sent a copy of the message with the Bcc: line removed as above, but the recipients on the Bcc: line get a separate copy of the message containing a Bcc: line. (When there are multiple recipient addresses in the Bcc: field, some implementations actually send a separate copy of the message to each recipient with a Bcc: containing only the address of that particular recipient.) Finally, since a Bcc: field may contain no addresses, a Bcc: field can be sent without any addresses indicating to the recipients that blind copies were sent to someone. Which method to use with Bcc: fields is implementation dependent, but refer to the “Security Considerations” section of this document for a discussion of each.
FAQ / Miscellaneous / Q5004