On Mon, 2009-03-23 at 11:13 +0100, Heiko Schlittermann wrote: > If your users have a well working MUA and deliver the mails via SMTP
> you never ever should see BCC headers. And I'd say, even for local
> delivery you can't rely on the MUA setting a BCC header.
In fact you shouldn't rely on the header existing at all. RFC5322 sect
3.6.3 (Destination Address Fields) says:
There are three ways in which the "Bcc:" field is used. In the first
case, when a message containing a "Bcc:" field is prepared to be sent,
the "Bcc:" line is removed... In the second case, recipients specified
in the "To:" and "Cc:" lines each are sent a copy of the message with
the "Bcc:" line removed as above... Finally, since a "Bcc:" field may
contain no addresses, a "Bcc:" field can be sent without any addresses
indicating to the recipients that blind copies were sent to someone.
It is, however, worth noting the comments in sect 5 (Security
Considerations).
In any case, the simple fact is that you cannot rely on the sender or
recipient information as revealed by the From:, To:, Cc: (or Bcc: if it
exists) headers since they are *not* guaranteed to be the same as the
envelope sender or recipient(s). Mailing list messages are a case in
point - the one I'm replying to has the following information contained
within it:
Received: from tahini.csx.cam.ac.uk ([131.111.8.192]) by
boom.graemef.net
with esmtp (Exim 4.69) (envelope-from
<exim-users-bounces+graemef.net@???>) id 1LlhEn-0007LK-1J for
graeme@???; Mon, 23 Mar 2009 10:18:34 +0000
To: exim-users@???
From: Heiko Schlittermann <hs@???>
So the envelope sender is not the same as the From:, and the envelope
recipient is not the same as the To:. The fact that no Bcc: header
exists could, or could not, indicate that I've actually been Bcc'd on
this message.
I accept that this is a slightly contrived example :)
In short, you can only trust the MAIL FROM and RCPT TO parts of the
envelope (ie. the list of recipients and/or sender(s) set at the time of
the transaction). Everything else is simply data.