Blind carbon copy
From Wikipedia, the free encyclopedia
This article may require cleanup to meet Wikipedia's quality standards. Please improve this article if you can. (February 2008) |
This article or section includes a list of references or external links, but its sources remain unclear because it lacks in-text citations. You can improve this article by introducing more precise citations. |
- For other uses see BCC.
In the context of e-mail, blind carbon copy (abbreviated BCC and sometimes referred to as Blind Courtesy Copy) refers to the practice of sending a message to multiple recipients in such a way that what they receive does not contain the complete list of recipients.
It was also used, though rarely and with more difficulty in preparation, in typewritten correspondence by ensuring BCC and the names did not appear on the top copy (the original); the most discreet (though troublesome) method was to roll the copies through the typewriter again without the top copy, and type the BCC information onto the otherwise-completed copies. An alternate way is to switch the ribbon setting to strike the paper without raising the ribbon over the area being struck; this, however, leaves impressions in the surface of the paper.
To specify the recipients, an e-mail message can contain addresses in any of the 3 following fields:
- To: field recipients are the audience of the message
- CC: field recipients are others whom the author wishes to publicly inform of the message (carbon copy)
- BCC: field recipients are those being discreetly or surreptitiously informed of the communication and cannot be seen by any of the other addressees.
It is common practice to use the BCC: field when addressing a very long list of recipients, or a list of recipients that should not (necessarily) know each other, e.g. in mailing lists.
Contents |
[edit] Benefits
There are a number of reasons for using this feature:
- To send a copy of your correspondence to a third party (for example, a colleague) when you do not want to let the recipient know that you are doing this (or when you do not want the recipient to know the third party's e-mail address).
- To send a message to multiple parties with none of them knowing the other recipients. This can be accomplished by addressing a message to oneself and filling in the actual intended recipients in the BCC field.
- When sending an e-mail to multiple recipients, you can hide their e-mail addresses from each other. This is a sensible anti-spam precaution because it avoids making a long list of e-mail addresses available to all the recipients (which is what happens if you put everyone's address in the To: or CC: fields). For this reason, it often makes sense to use the BCC: field for mailing lists. Some viruses also harvest e-mail addresses from users' cache folder or addressbook, and large CC lists may further the propagation of unwanted viruses, giving another reason to use BCC.
[edit] Original intended use
Any recipients can see all e-mail addresses specified in the To: and CC: fields. No recipients can see any e-mail address (other than their own) in the BCC: field.
The internet standard for e-mail messages is RFC 2822 and the BCC header is discussed in section 3.6.3. It is unclear whether BCC: is designed to ensure the BCC: addresses are hidden from each other. On the one hand, it says:
- The "BCC:" field (where the "BCC" means "Blind Carbon Copy") contains addresses of recipients of the message whose addresses are not to be revealed to other recipients of the message.
It also states:
- There are three ways in which the "BCC:" field is used.
- In the first case, when a message containing a "BCC:" field is prepared to be sent, the "BCC:" line is removed even though all of the recipients (including those specified in the "BCC:" field) are sent a copy of the message.
- In the second case, recipients specified in the "To:" and "CC:" lines each are sent a copy of the message with the "BCC:" line removed as above, but the recipients on the "BCC:" line get a separate copy of the message containing a "BCC:" line. (When there are multiple recipient addresses in the "BCC:" field, some implementations actually send a separate copy of the message to each recipient with a "BCC:" containing only the address of that particular recipient.)
- Finally, since a "BCC:" field may contain no addresses, a "BCC:" field can be sent without any addresses indicating to the recipients that blind copies were sent to someone.
Which method to use with "BCC:" fields is implementation dependent and may depend on both your mail user agent (e.g. Outlook, Thunderbird) and your mail transfer agent (usually provided by your ISP).
[edit] Security considerations
Both RFC 2821 and RFC 2822 discuss problems with BCC in their "Security Consideration" sections, in part because, as mentioned above, the processing for the BCC header is not standardized and there are several different ways that it can commonly be implemented.
- RFC 2821 notes that some mail systems will add private headers showing all recipients that the e-mail was sent to, thus leaking the BCC list.
- RFC 2822 notes three problems:
- If the BCC header is completely removed, people who receive a blind copy may not notice they are not on either the To: or CC: and reply to everyone, thus leaking that blind copies were sent.
- If the BCC header is not removed for people being sent a blind copy, then all blind copy recipients will know who got blind copies.
- If the email addresses on the BCC header are removed, but the header is not, this will leak the fact that some blind copies were sent.
- E-mail spam occasionally uses BCC to make certain types of spam e-mail look more convincing—by hiding your e-mail, the spammer hopes to trick you into believing you've accidentally received a legitimate e-mail message that was not intended for you. For example, you may receive an e-mail with apparently confidential information on a particular company's stock - indicating it is about to rise. You then may buy stock in the company to make a quick profit. If a number of people who receive the message fall for this, the stock may indeed rise. At which point, the spammer sells their own stock at a profit, before the value collapses again.
[edit] Carbon vs courtesy
That "bcc" can additionally mean "blind courtesy copy" is a backronym and was never the original meaning.[citation needed] The original "cc:" and "bcc:" meant "carbon copy" and "blind carbon copy" respectively. Prior to the widespread use of copy machines, all[citation needed] copies of correspondence were made using carbon paper. The first "c" in "bcc:" did not change its meaning from "carbon" in "cc:" to meaning "courtesy" in "bcc:". However, this common mis-reading has found its way into the language through years of mistaken interpretation.[citation needed]
[edit] See also
- Carbon copy (CC)