Blind Carbon Copies: Clues?

I was wondering when I send a blind copy email to someone if either recieving party is able to tell that the email had also been sent to someone else? If so, how would they tell?

As far as I know, it really is blind. If there is any way to find out, I sure don’t know it.

I didn’t think so either QED, but I should probably be 100% sure in this case. I sent an email to someone and blind copied another. The other guy found out about the blind copy and now I’m in deep trouble. It was probably some kind of ninja inspired subterfuge, but I want to be certain. Thanks!

As I understand it, bcc is a directive to the server to only include header information about a particular bcc recipient in that recipient’s copy of the mail. In that case, there’s no way for a recipient to examine the mail and find other bcc recipients.

If you send e-mail to

To: A, B
Cc: C, D
Bcc: E, F
A, B, C, and D know of each other as a recipient. They could know that E and F got a blind copy if they have access to the logs of the sending or an intermediate server - they’t just need to check to whom an e-mail by the same sender was routed to at the same time.

E and F know that the message was sent to A, B, C, and D. What RFC 2822 does not specify is whether E also knows that F got a blind copy, and vice versa. That is left as a choice to the server software’s designers.

Hmm, thats pretty much what I had thought. Its basically setup so a blind copy mails a seperate email for them which is not really associated with the original. Could be ninja skills then. But, does anyone know about GroupWise logs? Could internal email show a blind copy with the logs? Its possible he has access to them.

Is it possible that the bcc recieving party mentioned the mail to a straight to a to or cc recieving party?

Just send yourself a copy of the email & look at the header.

I’ve checked the headers and never saw reference to a BCC reciepent. I think now after all this that it was in fact a ninja-inspired escapade that this guy did to read the email.

Well, with Groupwise, there are a couple of other ways recipient A could have read recipient bcc’s mail (and thus seen that he was bcc’ed).

  1. Recipient A has proxy access to bcc’s email.
  2. Recipient bcc does not have a password set for his Groupwise account. User A walked over to his PC, already authenticated through the Novell login, and opened his mail. Or Recip. A. just left Groupwise running on his PC.
  3. Recip bcc had Groupwise Notify running and A saw the notification on bcc’s screen.

We run GroupWise here, and I don’t even know if there is a logfile that could track messages sent and recieved with full header info, but I don’t think there is. The amount of time I spend on administering the system, other than creating user accounts and resetting passwords, is pretty close to zero. Yeah, it’s that good.
If a user has a password on their account, the only way I could read their emails on the sly would be to reset the password and log into Groupwise as them. The problem is, how am I going to set the password back to what they had it set to, since I have no way of knowing what it was? If the user doesn’t have a password, it’s easier, since I just have to set one, log in, and then clear it. But I don’t know of any way to tell if they have a password set or not.

Damn clever tourbot, that part about proxy access, never occured to me. I know it will log pretty much all your external mail out of the building, but internally I haven’t had much luck. Just out of curiosity, do you work for a healthcare company? Its hard to find other GroupWise users these days!

I work for a not for profit, and GroupWise was donated by Novell a few years back. We are planning on replacing most of our Novell servers with MS next year (mainly because hiring new staff, should one of the three of us leave, would be cheaper and easier), but the boss has stated that he doesn’t foresee ever switching from GroupWise. Like I said, it’s that good. I know GW marketshare has slipped, and I’ve never worked with Lotus, but come on… who are the people picking Exchange over GroupWise?? (I would pick a tin can and string over Exchange.)

There is one other way to read other peoples mail, but it requires having a duplicate GW post office set up. This is sometimes done for fault tolerance and to make restoring backups easier (for instance, you could restore a single user’s mail rather than the whole domain). If such a setup is in place, it’s easy to copy over the user db files and just read the mail off the backup system.

The most common way for the primary recipient to become aware that the message has been blind copied, is for the blind-copied-recipient (wanting to respond to the sender) clicking ‘reply all’ instead of ‘reply’.

Yeah, I can only imagine how many plots have been foiled this way…this is the one case where the stupid confirmation dialogue box would come in handy: “Are you really, really sure you want this blind copied email sent to all?”