[LINK] RFI: SMTP-Server Norms

Roger Clarke Roger.Clarke at xamax.com.au
Thu Nov 24 10:39:16 AEDT 2011

I'm intrigued by the headers of an email I received today.

A common use of the Bcc: area is for broadcasting to multiple 
addressees, while avoiding exposure of the addressees to one another 
and/or to spambots.

As I understand it, the norm is that the SMTP-server local to the 
sender generates one copy per addressee in the Bcc: area, and then 
drops the Bcc: line from the outgoing messages.

As a result, a recipient never sees either the Bcc: line or any of 
the content of the Bcc: line that was in the email-at-origin.

The extract from the headers below shows not one, but two, Bcc: 
lines, but containing only the address to which my copy came.

So I guess RFC821/2821/5321 is vague on whether the Bcc: line is 
carried over?  And it's up to the implementor to decide whether to do 

There's no leakage of information, given that any other entries on 
the line were suppressed, i.e. 'you only see yourself'.  So I guess 
it's okay, right?

From: <email-address>
To: <same email-address>
Bcc: roger.clarke at xamax.com.au
X-System-Of-Record: true
Bcc: roger.clarke at xamax.com.au

It originated in the google.com domain
Message-ID: <STRING at mail.gmail.com>

[There was no X-Mailer: header in the message.]

I use a filter to generate an extra copy of every gmail message that 
gets foisted on me by people eager to gift my conversations to Google 
Inc.  It shows Bcc: in only 7% of the copies I have in that mailbox.

[For clarity, the email is part of a conversation with someone in the 
google.com domain - I do talk with them (:-)} - and there's nothing 
whatsoever untoward in the message.  It's the headers that interest 

Roger Clarke                                 http://www.rogerclarke.com/

Xamax Consultancy Pty Ltd      78 Sidaway St, Chapman ACT 2611 AUSTRALIA
                    Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au                http://www.xamax.com.au/

Visiting Professor in the Cyberspace Law & Policy Centre      Uni of NSW
Visiting Professor in Computer Science    Australian National University

More information about the Link mailing list