RE: [Full-Disclosure] a question about e-mails
From: Rainer Gerhards (rgerhards_at_hq.adiscon.com)
To: "Sandeep Sengupta" <firstname.lastname@example.org>, <email@example.com>, <firstname.lastname@example.org>, <email@example.com> Date: Thu, 26 Feb 2004 17:55:39 +0100
> Do a "REPLY ALL" (MS Outlook/express)
> All the email ids in TO, CC, BCC will be displayed.
BCC will not. The reason is that BCC recipients are only in the
envelope, which should not be seen by the MUA (mail user agent, e.g.
outlook). All non-broken implementations do this right (and I don't know
a broken implementation that does *this* wrong).
The only way you can see BCC recipients is if you
a) have access to the first server used to transmit the message
(the sender's server)
b) this server has detailled-enough logging active
c) you can access & review the logs
Subsequent servers (recipient's servers) do NOT have full BCC
information, not even in their logs. This is because the sending server
does not mention envelope recipients that are not on the target server.
For the same reasons, envelope recipients and body recipients ("TO:",
"CC:") can be totally differnet (yet another way to fake things).
All of this, of course, is nicely documented in the SMTP RFCs (which I
don't all know by number - RFC 822 may be a good starting point, google
may be another ;)).
Full-Disclosure - We believe in it.