RE: [Full-Disclosure] a question about e-mails

From: Rainer Gerhards (
Date: 02/26/04

  • Next message: "[Full-Disclosure] What's wrong with this picture?"
    To: "Sandeep Sengupta" <>, <>, <>, <>
    Date: Thu, 26 Feb 2004 17:55:39 +0100

    > Do a "REPLY ALL" (MS Outlook/express)
    > All the email ids in TO, CC, BCC will be displayed.

    BCC will not. The reason is that BCC recipients are only in the
    envelope, which should not be seen by the MUA (mail user agent, e.g.
    Outlook). All non-broken implementations do this right (and I don't know
    a broken implementation that does *this* wrong).

    The only way you can see BCC recipients is if you

    a) have access to the first server used to transmit the message
       (the sender's server)
    b) this server has detailed-enough logging active
    c) you can access & review the logs

    Subsequent servers (recipient's servers) do NOT have full BCC
    information, not even in their logs. This is because the sending server
    does not mention envelope recipients that are not on the target server.

    For the same reasons, envelope recipients and body recipients ("TO:",
    "CC:") can be totally different (yet another way to fake things).

    All of this, of course, is nicely documented in the SMTP RFCs (which I
    don't all know by number - RFC 822 may be a good starting point, google
    may be another ;)).


    Full-Disclosure - We believe in it.
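
The envelope/header split described in the message above, as an added example that is not part of the original post: it models which recipients the sender's server and each receiving server would see. The addresses, the function names and the simplification of one SMTP transaction per recipient domain (real servers route by MX) are assumptions made for illustration.

```python
from collections import defaultdict
from email import message_from_string
from email.utils import getaddresses

# Constructed sample message as composed in the MUA (all addresses are made up).
DRAFT = """\
From: alice@sender.example
To: bob@corp.example
Cc: carol@partner.example
Bcc: dave@corp.example, erin@other.example
Subject: quarterly numbers

See attached.
"""

def submit(draft_text):
    """Model the sender side: build the envelope, then drop the Bcc header."""
    msg = message_from_string(draft_text)
    envelope = [addr for hdr in ("To", "Cc", "Bcc")
                for _, addr in getaddresses(msg.get_all(hdr, []))]
    del msg["Bcc"]  # the header is removed before the message is relayed
    return envelope, msg

def relay_plan(envelope):
    """Group envelope recipients by domain (assumed: one transaction per domain)."""
    plan = defaultdict(list)
    for addr in envelope:
        plan[addr.rsplit("@", 1)[1]].append(addr)
    return dict(plan)

def hidden_from_headers(rcpts, msg):
    """Envelope recipients a server sees that are not named in To/Cc."""
    visible = {a for h in ("To", "Cc")
               for _, a in getaddresses(msg.get_all(h, []))}
    return [r for r in rcpts if r not in visible]

if __name__ == "__main__":
    envelope, msg = submit(DRAFT)
    # Only the sender's server handles (and can log) the full envelope.
    print("sender's server envelope:", envelope)
    for domain, rcpts in relay_plan(envelope).items():
        print(f"{domain}: RCPT TO {rcpts}; "
              f"not in headers: {hidden_from_headers(rcpts, msg)}")
```

For an investigation this means a receiving server's logs can only reveal BCC recipients hosted on that same server; the complete list exists only on the sender's side.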
