On Fri, Jul 23, 2004 at 11:09:55AM +0100, Philip Hazel wrote:
> > However, RFC 2822 DOES NOT ALLOW for the recipients named in the To:
> > and the Cc: lines to receive copies of the Bcc: lines.
>
> Sure. But it does not make it clear whose job it is to enforce this.

With more reflection, I think what is needed is some way for the
client to tell the MTA what to do. [I'm still operating under the
assumption that because much of the necessary code already exists in
the MTA, and there are far fewer of them, it's much more efficient to
handle this on the MTA side.] I suggest a Bcc-Action: header, with
the following possible values:

  As-is
    Don't do any processing to the Bcc line. The client is taking
    the responsibility upon itself.

  One-recipient
    Send individual copies to Bcc recipients, with a Bcc line that
    mentions only them.

  All-recipients
    Send Bcc recipients a copy with the entire original Bcc line.

In order to safeguard the users as much as possible, if the header is
missing, the default action should be One-recipient. The MTA would be
required to check for this header and process the message
appropriately. Clients which really do want to provide the user with
a choice can provide a configuration option/variable and set the
header accordingly. Those which don't bother would get the behavior
expected by most people (the normal recipients can't see the Bcc
line), which would also happen to address all of the security issues
brought up by RFC 2822 in Section 5.

Thoughts? I'm asking here because the discussion is current here, and
the people here seem to be generally clueful.

--
Derek D. Martin
http://www.pizzashack.org/
GPG Key ID: 0x81CFE75D
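
The processing rule proposed in the message above, sketched as an added example that is not part of the original post or of any MTA's code. Bcc-Action is the poster's proposed header, not an existing standard; the function names, the constructed sample message, and treating an unrecognised value like a missing header are assumptions.

```python
import copy
from email import message_from_string
from email.utils import getaddresses

DEFAULT_ACTION = "one-recipient"  # the post's default when the header is missing
ACTIONS = {"as-is", "one-recipient", "all-recipients"}

# Constructed sample message; all addresses are placeholders.
SAMPLE = (
    "From: alice@example.org\n"
    "To: bob@example.org\n"
    "Cc: carol@example.org\n"
    "Bcc: dave@example.org, erin@example.org\n"
    "Bcc-Action: One-recipient\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)

def bcc_action(msg):
    """Return the normalised Bcc-Action value for a parsed message."""
    value = (msg.get("Bcc-Action") or DEFAULT_ACTION).strip().lower()
    # Assumption: an unrecognised value is handled like a missing header.
    return value if value in ACTIONS else DEFAULT_ACTION

def copies_for(raw_message, envelope_rcpts):
    """Return {recipient: Message} with the Bcc line each recipient would see."""
    msg = message_from_string(raw_message)
    action = bcc_action(msg)
    original_bcc = msg.get_all("Bcc", [])
    bcc_addrs = {addr.lower() for _, addr in getaddresses(original_bcc)}
    copies = {}
    for rcpt in envelope_rcpts:
        m = copy.deepcopy(msg)
        if action != "as-is":            # As-is: the client took responsibility
            del m["Bcc"]                 # To:/Cc: recipients never see the Bcc line
            if rcpt.lower() in bcc_addrs:
                if action == "all-recipients":
                    for value in original_bcc:
                        m["Bcc"] = value  # entire original Bcc line
                else:
                    m["Bcc"] = rcpt       # One-recipient: only this recipient
        # The post does not say whether Bcc-Action itself is removed on
        # delivery; this sketch leaves it in place.
        copies[rcpt] = m
    return copies
```
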