I have been having a forceful (but polite) argument with two users of
Exim who think it behaves wrongly in its handling of Bcc: header lines.
They are Mutt users, and (by default at least) Mutt leaves in Bcc:
headers in messages it sends to Exim. We had this discussion before, but
maybe opinions have changed, so I thought it worth seeking current
views.
1. Their argument:
Users' expectations nowadays are that no Bcc: header lines are ever
transmitted in headers. Therefore, Exim should remove them, always.
2. My argument:
It is the job of the sending MUA to manipulate Bcc: header lines, not
the job of Exim. [There is just one exception to this, when -t is
used to construct an envelope from header lines. In this case, Exim
is doing part of the MUA's job for it, and it removes the Bcc:
header in this case only.]
Background: The only place where Bcc: is discussed is RFC 822 (and its
draft revision). This states that the primary and secondary recipients
of a message (those in the To: and Cc: header lines) should not receive
a Bcc: line. Other recipients (the Bcc: recipients) may or may not see a
Bcc: line - this is somebody's choice (you may want to let a number of
Bcc: recipients all see who they are).
2a. I argue that the choice can be made only in the MUA. If an MTA has
to do anything, all it can do is remove Bcc: completely; it can't
offer the sender a choice.
If it is the case that all users expect Bcc: never to be sent out, and
the option of including it for some (bcc) recipients is in practice
something that is never used or wanted, then Exim could of course be
made to remove it (possibly optionally) to catch cases where the MUA
doesn't.
Questions: 1. Should Exim always remove Bcc: header lines:
(a) On messages received locally, not via SMTP?
(b) On messages received using local SMTP on stdin/stdout?
(c) On messages received using SMTP over the loopback
interface?
(d) On messages received from other hosts? Note that this
includes "local" mail from MUAs on workstations, etc.
2. If the answer to any of 1 is yes, should this be
optional?
3. What does Sendmail do? (The book doesn't seem to say.)
4. What do other MTAs do? I will collect and publish a
summary of any information collected.
--
Philip Hazel University of Cambridge Computing Service,
ph10@??? Cambridge, England. Phone: +44 1223 334714.