DWilliams

Reputation: 451

Is it a good idea to trust BCC to not reveal other people's addresses?

I'm using PHPMailer to send emails with SMTP from my script. The emails in question are actually cell numbers utilizing email-to-SMS gateways. Now, ideally I want to build up a big BCC list to send everything in one batch instead of looping through a big list of addresses and sending them one at a time.

Should I completely trust BCC functionality to hide other recipients' addresses (which in this case are mostly phone numbers)?

Upvotes: 2

Views: 4575

Answers (8)

Esteban Araya

Reputation: 29664

From Wikipedia:

RFC 3864 describes registration procedures for message header fields at the IANA; it provides for permanent and provisional message header field names, including also fields defined for MIME, netnews, and http, and referencing relevant RFCs. Common header fields for email include: Bcc: Blind Carbon Copy; addresses added to the SMTP delivery list but not (usually) listed in the message data, remaining invisible to other recipients.

It's up to you to figure out if you care for "usually".

Upvotes: 0

Luke Stevenson

Reputation: 10341

BCC ("Blind Carbon Copy") should not be visible to any other recipients, and should (in the majority of cases) be secure. Of course, nothing is perfect. If you wanted to be 100% certain that the email addresses remained secure, just create a loop and send a separate email for each of the numbers/addresses individually.

So, instead of:

/* $mailer assumed as PHPMailer Object */
foreach( $recipient as $r ){
  $mailer->AddBCC( $r['emailAddress'] );
}
$mailer->Send();

You could use:

/* $mailer assumed as PHPMailer Object */
foreach( $recipient as $r ){
  $mailer->ClearAllRecipients();
  $mailer->AddAddress( $r['emailAddress'] );
  $mailer->Send();
}

Upvotes: 1

contactmatt

Reputation: 18610

Gmail will show all Bcc addresses.

To see this, open your Gmail account, compose a new email to yourself and bcc a fake address (i.e. [email protected]).

When you receive the email, click the 'Show Details' button and you'll be able to see the Bcc's. I've used Gmail bcc before...it didn't end well.

Upvotes: 0

Brian Sniffen

Reputation: 234

A number of MTAs will respond to a broken To field by dumping all the BCC addresses into an "Apparently-To" header---not what you want. Sounds like you'd benefit from reading up on SMTP: there are two places where To addresses are set, and they need not be the same. Set the envelope address to what you need, and the data To address to some convenient gibberish.

Upvotes: 4

paxdiablo

Reputation: 881653

I trust computer software about as far as I can comfortably spit out a rat (attribution required to the excellent "BlackAdder" TV show for that little gem).

If you're worried about it, don't use it. I'm sure people thought their Facebook profiles were safe as well. Not to mention all the credit card numbers that have been released to the wild by supposedly secure sites.

Upvotes: 0

NullUserException

Reputation: 85468

That might depend on the implementation, but I think that most of them would not reveal emails in a BCC; after all, that's what it's meant to do.

There's an easy way to find out: just send an email to yourself, put some addresses in the BCC list and check the raw message to see if you can find the BCC'd emails.

Upvotes: 3
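
The envelope/header split Brian Sniffen describes and the raw-message check NullUserException suggests, sketched as an added example in Python's standard library (not code from any answer here, and not PHPMailer's own). The addresses, the `noreply@example.com` placeholder and the `Apparently-To` stand-in are constructed, and delivering only to the Bcc addresses is this example's assumption.

```python
import copy
from email import policy
from email.message import EmailMessage
from email.utils import getaddresses

# Constructed sample data (example.com gateway addresses, not real numbers).
BCC = ["5550100@sms.example.com", "5550101@sms.example.com"]

def build(bcc):
    """The message as a script would compose it, real targets in Bcc."""
    msg = EmailMessage()
    msg["From"] = "alerts@example.com"
    msg["To"] = "Subscribers <noreply@example.com>"  # placeholder data To
    msg["Bcc"] = ", ".join(bcc)
    msg["Subject"] = "Service notice"
    msg.set_content("Maintenance tonight at 22:00.")
    return msg

def split_envelope(msg):
    """Return (rcpt_to, data): RCPT TO addresses and the bytes sent after DATA.
    Assumption of this example: only the Bcc addresses are delivered to."""
    fields = [str(v) for v in msg.get_all("Bcc", [])]
    rcpt_to = [addr for _, addr in getaddresses(fields) if addr]
    wire = copy.deepcopy(msg)
    del wire["Bcc"]  # the header must not travel inside the message data
    return rcpt_to, wire.as_bytes(policy=policy.SMTP)

def leaked(data, private):
    """Private addresses found anywhere in the raw message bytes."""
    raw = data.lower()
    return sorted(a for a in private if a.lower().encode() in raw)

def with_apparently_to(data, rcpt_to):
    """Constructed stand-in for a relay that copies the envelope into headers."""
    extra = "".join(f"Apparently-To: {r}\r\n" for r in rcpt_to)
    return extra.encode() + data

def demo():
    msg = build(BCC)
    rcpt_to, data = split_envelope(msg)
    return {
        "rcpt_to": rcpt_to,
        "clean": leaked(data, BCC),                  # Bcc stripped from DATA
        "bcc_in_data": leaked(msg.as_bytes(), BCC),  # Bcc header left in DATA
        "relay_added": leaked(with_apparently_to(data, rcpt_to), BCC),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Running `leaked()` over the raw source of a message received at a test mailbox applies the same check to whatever the real relay chain added.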

paulsm4

Reputation: 121699

The phone numbers are going out over the wire in clear-text. Whether it's in the "To:" or "Bcc:" line; whether it's one e-mail at a time or the whole batch at once.

So the real questions are:

1. Do you trust your transport (in terms of confidentiality) ... and ...
2. Which is the more efficient method?

Sounds like you probably have no choice about e-mailing the phone#'s ... ... and it also sounds like "send-all-at-once" might be considerably more efficient.

IMHO .. PSM

PS: "On the third hand..." - I don't think the "bcc" phone #'s will ever show up on any recipient's cell phone. So I honestly don't think that's an issue...

Upvotes: 1

Billy ONeal

Reputation: 106569

Yes. That is the point of the BCC: field in the first place.

Upvotes: 0
