Blind Carbon Copy
Encyclopedia
In the context of correspondence, blind carbon copy (abbreviated Bcc:) refers to the practice of sending a message to multiple recipients in such a way that conceals the fact that there may be additional addressees from the complete list of recipients. This concept originally applied to paper correspondence and now also applies to email
.
In some circumstances, the typist creating a paper correspondence must ensure that multiple recipients of such a document not see the names of other recipients. To achieve this the typist can:
With email, recipients of a message are specified using addresses in any of these three fields:
It is common practice to use the Bcc: field when addressing a very long list of recipients, or a list of recipients that should not (necessarily) know each other, e.g. in mailing lists.
The internet standard
for e-mail messages is RFC 2822 and the Bcc: header is discussed in section 3.6.3. It is unclear whether Bcc: is designed to ensure the Bcc: addresses are hidden from each other. On the one hand, it says:
It also states:
Which method to use with Bcc: fields is implementation dependent and may depend on both one's mail user agent
(e.g. Outlook, Thunderbird
) and mail submission agent
(usually provided by one's ISP
).
Since the hiding of the Bcc: addresses from other Bcc: addresses is not required by RFC 2822, one cannot assume the Bcc: addresses will be hidden from other Bcc: addresses.
and not the original meaning; the historic RFC 733 has an explicit "blind carbon" annotation in its definition of the Bcc: header field syntax. "Cc:" and "Bcc:" mean "carbon copy" and "blind carbon copy" respectively.
Sending courtesy copies of mailing list replies also directly to the author(s) of answered message(s) is a common practice on some lists, and matches a new interpretation of "Cc:" as abbreviation for "courtesy copy".
Email
Electronic mail, commonly known as email or e-mail, is a method of exchanging digital messages from an author to one or more recipients. Modern email operates across the Internet or other computer networks. Some early email systems required that the author and the recipient both be online at the...
.
In some circumstances, the typist creating a paper correspondence must ensure that multiple recipients of such a document not see the names of other recipients. To achieve this the typist can:
- Add the names in a second step to each copy, without carbon paperCarbon paperCarbon paper is paper coated on one side with a layer of a loosely bound dry ink or pigmented coating, usually bound with wax. It is used for making one or more copies simultaneous with the creation of an original document...
; - Set the ribbon not to strike the paper, which leaves names off the top copy (but may leave letter impressions on the paper).
With email, recipients of a message are specified using addresses in any of these three fields:
- To: Primary recipients
- Cc: Carbon copyCarbon copyCarbon copying, abbreviated cc or c.c., is the technique of using carbon paper to produce one or more copies simultaneously during the creation of paper documents...
to secondary recipients—other interested parties - Bcc: Blind carbon copy to tertiary recipients who receive the message. The primary and secondary recipients cannot see the tertiary recipients. The tertiary recipients can only see their own email address in Bcc.
It is common practice to use the Bcc: field when addressing a very long list of recipients, or a list of recipients that should not (necessarily) know each other, e.g. in mailing lists.
Benefits
There are a number of reasons for using this feature:- BCC is often used to prevent an accidental "Reply All" from sending a reply intended for only the originator of the message to the entire recipient list.
- To send a copy of one's correspondence to a third party (for example, a colleague) when one does not want to let the recipient know that this is being done (or when one does not want the recipient to know the third party's e-mailE-mailElectronic mail, commonly known as email or e-mail, is a method of exchanging digital messages from an author to one or more recipients. Modern email operates across the Internet or other computer networks. Some early email systems required that the author and the recipient both be online at the...
address, assuming the other recipient is in the To: or Cc: fields). - To send a message to multiple parties with none of them knowing the other recipients. This can be accomplished by addressing a message to oneself and filling in the actual intended recipients in the Bcc: field. However, this does not ensure that the Bcc: addresses will be hidden from other Bcc: addresses in all implementations.
- To prevent the spread of computer virusesComputer virusA computer virus is a computer program that can replicate itself and spread from one computer to another. The term "virus" is also commonly but erroneously used to refer to other types of malware, including but not limited to adware and spyware programs that do not have the reproductive ability...
, spamSpamSpam may refer to:* Spam , a canned pork meat product* Spam , unsolicited or undesired electronic messages* E-mail spam, unsolicited or undesired email messages* "Spam" , a comedy sketch...
, and malwareMalwareMalware, short for malicious software, consists of programming that is designed to disrupt or deny operation, gather information that leads to loss of privacy or exploitation, or gain unauthorized access to system resources, or that otherwise exhibits abusive behavior...
by avoiding the accumulation of block-list e-mail addresses available to all Bcc: recipients.
Visibility
In most implementations, the recipient of an email can see any email address specified by the Sender in the To: or Cc: fields. If on the other hand the Sender has specified addresses in the Bcc: field, the recipient in this case cannot see these Bcc addresses.The internet standard
Internet standard
In computer network engineering, an Internet Standard is a normative specification of a technology or methodology applicable to the Internet. Internet Standards are created and published by the Internet Engineering Task Force .-Overview:...
for e-mail messages is RFC 2822 and the Bcc: header is discussed in section 3.6.3. It is unclear whether Bcc: is designed to ensure the Bcc: addresses are hidden from each other. On the one hand, it says:
- The "BCC:" field (where the "BCC" means "Blind Carbon Copy") contains addresses of recipients of the message whose addresses are not to be revealed to other recipients of the message.
It also states:
- There are three ways in which the "BCC:" field is used.
- In the first case, when a message containing a "BCC:" field is prepared to be sent, the "BCC:" line is removed even though all of the recipients (including those specified in the "BCC:" field) are sent a copy of the message.
- In the second case, recipients specified in the "To:" and "CC:" lines each are sent a copy of the message with the "BCC:" line removed as above, but the recipients on the "BCC:" line get a separate copy of the message containing a "BCC:" line. (When there are multiple recipient addresses in the "BCC:" field, some implementations actually send a separate copy of the message to each recipient with a "BCC:" containing only the address of that particular recipient.)
- Finally, since a "BCC:" field may contain no addresses, a "BCC:" field can be sent without any addresses indicating to the recipients that blind copies were sent to someone.
Which method to use with Bcc: fields is implementation dependent and may depend on both one's mail user agent
E-mail client
An email client, email reader, or more formally mail user agent , is a computer program used to manage a user's email.The term can refer to any system capable of accessing the user's email mailbox, regardless of it being a mail user agent, a relaying server, or a human typing on a terminal...
(e.g. Outlook, Thunderbird
Mozilla Thunderbird
Mozilla Thunderbird is a free, open source, cross-platform e-mail and news client developed by the Mozilla Foundation. The project strategy is modeled after Mozilla Firefox, a project aimed at creating a web browser...
) and mail submission agent
Mail submission agent
A mail submission agent is a computer program or software agent that receives electronic mail messages from a mail user agent and cooperates with a mail transfer agent for delivery of the mail...
(usually provided by one's ISP
Internet service provider
An Internet service provider is a company that provides access to the Internet. Access ISPs directly connect customers to the Internet using copper wires, wireless or fiber-optic connections. Hosting ISPs lease server space for smaller businesses and host other people servers...
).
Since the hiding of the Bcc: addresses from other Bcc: addresses is not required by RFC 2822, one cannot assume the Bcc: addresses will be hidden from other Bcc: addresses.
Security considerations
Both RFC 2821 and RFC 2822 discuss problems with Bcc: in their "Security Consideration" sections, in part because, as mentioned above, the processing for the Bcc: header is not standardized and there are several different ways that it can commonly be implemented.- RFC 2821 notes that some mail systems will add private headers showing all recipients that the e-mail was sent to, thus leaking the Bcc: list.
- RFC 2822 notes three problems:
- If the Bcc: header is completely removed, people who receive a blind copy may not notice they are not on either the To: or Cc: and reply to everyone, thus leaking that blind copies were sent.
- If the Bcc: header is not removed for people being sent a blind copy, then all blind copy recipients will know who got blind copies.
- If the email addresses on the Bcc: header are removed, but the header is not, this will leak the fact that some blind copies were sent.
- E-mail spamE-mail spamEmail spam, also known as junk email or unsolicited bulk email , is a subset of spam that involves nearly identical messages sent to numerous recipients by email. Definitions of spam usually include the aspects that email is unsolicited and sent in bulk. One subset of UBE is UCE...
occasionally uses Bcc: to create fake accidental leaks of confidential information, e.g. in a variant of the pump and dumpPump and dump"Pump and dump" is a form of microcap stock fraud that involves artificially inflating the price of an owned stock through false and misleading positive statements, in order to sell the cheaply purchased stock at a higher price....
scheme.
Carbon vs Courtesy
The interpretation of "Bcc:" as "blind courtesy copy" is a backronymBackronym
A backronym or bacronym is a phrase constructed purposely, such that an acronym can be formed to a specific desired word. Backronyms may be invented with serious or humorous intent, or may be a type of false or folk etymology....
and not the original meaning; the historic RFC 733 has an explicit "blind carbon" annotation in its definition of the Bcc: header field syntax. "Cc:" and "Bcc:" mean "carbon copy" and "blind carbon copy" respectively.
Sending courtesy copies of mailing list replies also directly to the author(s) of answered message(s) is a common practice on some lists, and matches a new interpretation of "Cc:" as abbreviation for "courtesy copy".