[exim] OT: are BCC header lines legitimate ?

Author: Olaf Hopp (SCC)
Date:  
To: 'Mailing List'
Subject: [exim] OT: are BCC header lines legitimate ?
Sorry for being a bit off topic:
recently we had incoming phishing mails which all had a BCC header line.
So I thought, that's easy to defend and I introduced a data ACL

    deny condition   = ${if def:h_BCC: {yes}{no}}


My logs revealed a lot of them and I was afraid of doing some overblocking.
So I changed the "deny" into a "warn", shifted the ACL further down below spam
and virus scan and added some logging.

The outcome is that there are really a bunch of incoming mails
with a BCC header, which seem not to be spam.

And furthermore about 90% are coming from Google hosts like e.g. mail-qk1-x742.google.com

So my question for discussion here:
is there any legitimate use to have a BCC header present
or is this all crap and can be rejected ?

My understanding is that when I use BCC in my MUA there is one mail
with two (or more) envelope recipients but no BCC header.
The BCC header is only present in the copy in my sent folder.

Regards, Olaf

--
Karlsruher Institut für Technologie (KIT)
Steinbuch Centre for Computing (SCC)

Dipl.-Geophys. Olaf Hopp

Zirkel 2
Building 20.21, Room 316
76131 Karlsruhe

Phone: +49 721 608-48009
E-Mail: Olaf.Hopp@???
Web: www.scc.kit.edu

Registered office:
Kaiserstraße 12, 76131 Karlsruhe

KIT - The Research University in the Helmholtz Association
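
The measurement described in the post (how many incoming mails carry a BCC header, and which hosts deliver them) can also be reproduced offline over stored messages. The following is an added example, not part of the original post: the sample messages, the example.* hostnames and the grouping of hosts by their last two DNS labels are assumptions made for illustration.

```python
import email
import re
from collections import Counter
from email import policy

# Constructed sample messages (not real traffic). The topmost Received line
# stands in for the one the local MTA adds for the connecting host.
SAMPLES = [
    "Received: from mail-qk1-x742.google.com ([192.0.2.10])\n"
    "\tby mx.example.org with esmtps; Mon, 1 Jan 2024 10:00:00 +0100\n"
    "From: a@example.com\nTo: b@example.org\nBCC: c@example.org\n"
    "Subject: one\n\nbody\n",
    "Received: from mail-qk1-x742.google.com ([192.0.2.10])\n"
    "\tby mx.example.org with esmtps; Mon, 1 Jan 2024 10:05:00 +0100\n"
    "From: a@example.com\nTo: b@example.org\nSubject: two\n\nbody\n",
    "Received: from relay.example.net ([198.51.100.7])\n"
    "\tby mx.example.org with esmtp; Mon, 1 Jan 2024 10:10:00 +0100\n"
    "From: x@example.net\nTo: b@example.org\nbcc: d@example.org\n"
    "Subject: three\n\nbody\n",
    "From: y@example.net\nTo: b@example.org\nSubject: four\n\nbody\n",
]

def connecting_host(msg):
    """Host named in the 'from' clause of the topmost Received header."""
    received = msg.get_all("Received", [])
    if not received:
        return "(no Received header)"
    m = re.match(r"\s*from\s+([A-Za-z0-9.-]+)", str(received[0]), re.I)
    return m.group(1).lower().rstrip(".") if m else "(unparsed)"

def host_group(host):
    # Assumption: the last two labels approximate the operator; a public
    # suffix list would be needed for names such as host.example.co.uk.
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host

def bcc_report(raw_messages):
    """Map host group -> (messages with a Bcc header, messages seen)."""
    seen, flagged = Counter(), Counter()
    for raw in raw_messages:
        msg = email.message_from_string(raw, policy=policy.default)
        group = host_group(connecting_host(msg))
        seen[group] += 1
        if "Bcc" in msg:  # header name lookup is case-insensitive
            flagged[group] += 1
    return {g: (flagged[g], seen[g]) for g in seen}

if __name__ == "__main__":
    for group, (hits, total) in sorted(bcc_report(SAMPLES).items()):
        print(f"{group}: {hits}/{total} with Bcc header")
```

Only the Received line written by one's own MTA is trustworthy for this tally; lines further down are supplied by the sender.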