john1000 Posted October 8, 2006 Share Posted October 8, 2006 hello, been a long time since i was here... i was caught up in a conversation about the bcc. i cant try it but is it realy so that bcc realy hides any address that is in there?....(even in source?..) A year ago or so i received a huge mail of 900kb (ok not much) but i just saw a few text lines. looking inside the source i saw almost 2000 addresses. but im not sure if it was cc or bcc. question is,can a spammer use easely bcc ? Link to comment Share on other sites More sharing options...
Jeff G. Posted October 8, 2006 Share Posted October 8, 2006 can a spammer use easely bcc ?Yes, a spammer can easily use bcc. Most do, and you'll maybe get a "bcc: undisclosed-recipients" if you're lucky. OTOH, some spam programs will just send "to:" a whole lot of recipients (and some badly-configured programs will send "bcc:" a whole lot of recipients, defeating the "blind" in "blind carbon copy"), in which case by default most email client programs will only show a limited number of those recipients by virtue of their design (need to save room on the screen for the other display elements). Link to comment Share on other sites More sharing options...
john1000 Posted October 8, 2006 Author Share Posted October 8, 2006 ah i see,thats bad.... but if programs are used on a hosting account can the host disable anything in his mailserver that prevents the usage of bcc ? Link to comment Share on other sites More sharing options...
Wazoo Posted October 8, 2006 Share Posted October 8, 2006 but if programs are used on a hosting account can the host disable anything in his mailserver that prevents the usage of bcc ? no idea where you are headed with this, so not entirely sure of just what or how you are couching this question. Can something like that be done? Of course, manipulate a bit of code here and there, strip lines, change bits, etc. Would someone do that? Pretty doubtful. More likely would be a screwed up client at "your" end. Can you tell if someone did this? Sure, send yourself an e-mail to another account elsewhere, toss some addresses in the CC: line, some addresses in the BCC: line ..... see what's showing in the received headers. Link to comment Share on other sites More sharing options...
agsteele Posted October 8, 2006 Share Posted October 8, 2006 Like Wazoo, I'm unclear where the question is taking us... But in general, when an Email messages is transmitted it consists of two parts. The main message (which icnludes all the headers and which do not include the bcc information) plus an 'envelope' which does contain the destination information. So the final destination for the bcc is in the envelope. The envelope is discarded during the delivery but the information it contained will appear in the mail server log files. So, the receiving system managers, could, I suppose, write scri_pt to check incoming messages and act on them based upon the message being sent to a bcc address. But that would not conform to the RFCs nor would it help since bcc is widely used in a perfectly legitimate and correct manner. Andrew Link to comment Share on other sites More sharing options...
john1000 Posted October 8, 2006 Author Share Posted October 8, 2006 well i was so certain that every receiver in the bcc could actualy see all addresses. guess i was wrong... Link to comment Share on other sites More sharing options...
Wazoo Posted October 8, 2006 Share Posted October 8, 2006 well i was so certain that every receiver in the bcc could actualy see all addresses. The "B" represents "Blind" .... used so that the other users "don't" see the list of other addresses .... in contrast to the CC: line, which is meant to show everyone involved who else got a copy .... Link to comment Share on other sites More sharing options...
bobbear Posted October 9, 2006 Share Posted October 9, 2006 well i was so certain that every receiver in the bcc could actualy see all addresses. guess i was wrong... Not necessarily wrong - it seems to depend on how it is sent. You can test it yourself - if you send yourself a test message from one domain's SMTP server to another domain using a 'high level' client such as Outlook Express & insert the destination address in the bcc field only, then examine the received source code you will normally see the bcc address included in one of the 'receive' lines, (but obviously not in the 'To' field). However, if you use a 'low level' mail client it must be possible to instruct the receiving mailserver to blank even the appearance of the bcc'ed destination address in the received line as I get many spams where my email address does not appear in the source code at all which makes me wonder how they get to me....(The receiving mailserver must know which pop3 mailbox to put the spam in, but I guess it simply doesn't display the destination address in the received line). The bottom line is that it's possible to manipulate everything in the headers apart from the source IP, & I'm not even 100% sure about that..... Link to comment Share on other sites More sharing options...
john1000 Posted October 9, 2006 Author Share Posted October 9, 2006 ok thanks..... Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.