[exim] OT: are BCC header lines legitimate ?

Pàgina inicial
Delete this message
Reply to this message
Autor: Olaf Hopp (SCC)
Data:  
A: 'Mailing List'
Assumpte: [exim] OT: are BCC header lines legitimate ?
Sorry for being a bit off topic:
recently we had incoming phishing mails which all had a BCC header line.
So I thought, that's easy to defend and I introduced a data ACL

    deny condition   = ${if def:h_BCC: {yes}{no}}


My logs revealed a lot of them and I was afraid of doing some overblocking.
So I changed the "deny" into a "warn", shifted the ACL further down below spam
and virus scan and added some logging.

The outcome is that there are really a bunch of incoming mails
with a BCC header, which seems to be no spam.

And forthermore about 90% are coming from Google hosts like e.g. mail-qk1-x742.google.com

So my question for discussion here:
is there any legitimate use to have a BCC header present
or is this all crap and can be rejected ?

My understanding is that when I use BCC in my MUA there is one mail
with two (or more) envelope recipients but no BCC header.
The BCC header is only present in the copy in my sent folder.

Regards, Olaf

--
Karlsruher Institut für Technologie (KIT)
Steinbuch Centre for Computing (SCC)

Dipl.-Geophys. Olaf Hopp

Zirkel 2
Gebäude 20.21, Raum 316
76131 Karlsruhe

Telefon: +49 721 608-48009
E-Mail: Olaf.Hopp@???
Web: www.scc.kit.edu

Sitz der Körperschaft:
Kaiserstraße 12, 76131 Karlsruhe

KIT - Die Forschungsuniversität in der Helmholtz-Gemeinschaft