<<< Date Index >>>     <<< Thread Index >>>

Re: mutt/2111: ESMTP patch: does not strip Bcc: header



The following reply was made to PR mutt/2111; it has been noted by GNATS.

From: Derek Martin <invalid@xxxxxxxxxxxxxx>
To: bug-any@xxxxxxxxxxxxx
Cc: Mutt Developers <mutt-dev@xxxxxxxx>, wildenhues@xxxxxxxxxxxxxxx
Subject: Re: mutt/2111: ESMTP patch: does not strip Bcc: header
Date: Fri, 14 Oct 2005 11:48:26 -0400

 --W/nzBZO5zC0uMSeA
 Content-Type: text/plain; charset=iso-8859-1
 Content-Disposition: inline
 
 On Fri, Oct 14, 2005 at 07:29:05AM +0200, Brendan Cully wrote:
 > I'm refiling this as a change-request because (as with the sendmail
 > interface) the result seems to depend on the other end of the
 > connection. In my testing (with postfix and iPlanet), the Bcc header
 > was eaten anyway. I suppose it's possible that happened on delivery,
 > but that would be a little strange...  I've attached a patch (apply
 > smtp.11 first), but since I'm not sure why $write_bcc exists in the
 > first place I'm reluctant to apply it as of now...  I'm also not
 > sure whether 3rd-party patch bugs belong on the mutt BTS, but it's
 > convenient for me, and maybe we can call this one a 1st-party patch
 > :)
 
 There are two schools of thought about how to handle the Bcc: header.
 
 One is that the MUA should include Bcc headers if the user wants them
 to appear in the message, and exclude them if the user wants them
 excluded.  Thus the MTA should not touch them.
 
 The other school is that the privacy of Bcc must be maintained, so it
 should always be stripped when it is encountered by the MTA.
 
 Exim (by default) subscribes to the first school, while most other
 mailers (by default) subscribe to the latter.
 
 The reason the behavior with exim differs between using the sendmail
 program to submit, and using SMTP to submit, is that exim treats the
 former as an MUA submission, and removes Bcc headers.  However when
 mail arrives via SMTP, it can not be sure that this was a submission,
 and hence it assumes that any Bcc headers present in the message are
 intended to be there, and passes them on as-is.
 
 There are other mailers that behave like exim, too.  I think Lotus
 Notes is one, but I can't remember.
 
 So the bottom line is users should unset write_bcc if they don't want
 the Bcc headers to appear in the message, and I think probably that
 should be the default in Mutt, since the average user will not even
 know what MTA they are using, never mind how it behaves WRT Bcc
 headers, and write_bcc=no is by far the safest default.
 
 FWIW, there is the idea that users who have been Bcc'd should be able
 to see a Bcc header indicating that they have been Bcc'd.  The only
 way to make this work is for the MUA to send one copy of the message
 per Bcc recipient, plus another copy for all non-Bcc recipients.  The
 trouble is this only works with certain mailers, such as exim, because
 the others remove the Bcc header.  The idea in removing the headers is
 that if your name isn't in one of the non-blind recipient headers, you
 should be able to figure out that you were Bcc'd.  
 
 The trouble with that line of thinking, though, is that many, if not
 most users don't read the recipient headers.  Thus it sometimes
 happens that a Bcc recipient replies to everyone without realizing
 that they were Bcc'd, and alerting everyone to the fact that they were
 Bcc'd, which may cause embarrasment or worse problems for the original
 sender.
 
 -- 
 Derek D. Martin    http://www.pizzashack.org/   GPG Key ID: 0xDFBEAD02
 -=-=-=-=-
 This message is posted from an invalid address.  Replying to it will result in
 undeliverable mail.  Sorry for the inconvenience.  Thank the spammers.
 
 
 --W/nzBZO5zC0uMSeA
 Content-Type: application/pgp-signature
 Content-Disposition: inline
 
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.2.1 (GNU/Linux)
 
 iD8DBQFDT9NKHEnASN++rQIRAi/gAKDDS+oUTlR/ejL0dV/aFUTflMkgxgCggT/1
 5st7xl+AeE9YrdeVW0DirL8=
 =8ZI/
 -----END PGP SIGNATURE-----
 
 --W/nzBZO5zC0uMSeA--