On Wed, Apr 24, 2002 at 10:49:08AM +0200, Ishay Sommer (ishaybasat_private) wrote: > Hello. > > The problem is that, each one of the recipients receives to his mailbox > the spam warning message, > including all addresses of which the original message was sent to, even > if they were sent as Bcc: Bcc: is *never* reliable unless you already know the behavior of all of the mail transports along the way. RFC 2821 states: Especially when more than one RCPT command is present, and in order to avoid defeating some of the purpose of these mechanisms, SMTP clients and servers SHOULD NOT copy the full set of RCPT command arguments into the headers, either as part of trace headers or as informational or private-extension headers. Since this rule is often violated in practice, and cannot be enforced, sending SMTP systems that are aware of "bcc" use MAY find it helpful to send each blind copy as a separate message transaction containing only a single RCPT command. It's important to note that it says SHOULD NOT, and not MUST NOT. > This is a serious security disclosure vulnerability, as all of the > message's recipients, now have all the email addresses who were > suppose to be kept secret. While I agree it should be fixed, there's really no reason to think that Bcc: is going to be kept secret. If it's not implemented as a separate message transaction, you're handing the data to a system you don't trust and saying "Here, do with this what you will". Of course, the reliable fix for this is for your local MTA or MUA to implement Bcc: as a separate message transaction, because they are the only trustworthy links in the message path. -Rich -- Rich Lafferty --------------+----------------------------------------------- Ottawa, Ontario, Canada | Save the Pacific Northwest Tree Octopus! http://www.lafferty.ca/ | http://zapatopi.net/treeoctopus.html richat_private -----------+-----------------------------------------------
This archive was generated by hypermail 2b30 : Thu Apr 25 2002 - 22:02:23 PDT