Can I Retrieve Email Addresses from BCC?Spoofing email From addressHow do I safely inspect a suspicious email...
Diode in opposite direction?
In Star Trek IV, why did the Bounty go back to a time when whales are already rare?
Reply 'no position' while the job posting is still there
How can Trident be so inexpensive? Will it orbit Triton or just do a (slow) flyby?
Global amount of publications over time
How do I repair my stair bannister?
Some numbers are more equivalent than others
Why does Async/Await work properly when the loop is inside the async function and not the other way around?
How much character growth crosses the line into breaking the character
How do I implement a file system driver driver in Linux?
How to align and center standalone amsmath equations?
Do Legal Documents Require Signing In Standard Pen Colors?
Should I stop contributing to retirement accounts?
We have a love-hate relationship
Is it improper etiquette to ask your opponent what his/her rating is before the game?
Customize circled numbers
What does this horizontal bar at the first measure mean?
Transformation of random variables and joint distributions
Have I saved too much for retirement so far?
Ridge Regression with Gradient Descent Converges to OLS estimates
How to color a curve
What linear sensor for a keyboard?
Is camera lens focus an exact point or a range?
Why in book's example is used 言葉(ことば) instead of 言語(げんご)?
Can I Retrieve Email Addresses from BCC?
Spoofing email From addressHow do I safely inspect a suspicious email attachment?Hotmail securityEmail Spoofing by SMTP Message-ID?Is thread's auto-login from email implementation secure/good user experience?PayPal “Confirm your email address” spam emails? I got 3 different mails within 10 hoursWebsite customer e-mail collection form getting spammed, why and what to doMail address spoofing : how to protect myselfEmail got hijacked or hacked, where to start?Can a custom return path make SPF redundant
Can anyone tell me how to unmask the e-mail addresses in a bcc field when I am just a recipient? Need very simple, step-by-step instructions for someone who doesn't code. I have received a group e-mail and would really like to see the others who got it. Thank you!
New contributor
add a comment |
Can anyone tell me how to unmask the e-mail addresses in a bcc field when I am just a recipient? Need very simple, step-by-step instructions for someone who doesn't code. I have received a group e-mail and would really like to see the others who got it. Thank you!
New contributor
add a comment |
Can anyone tell me how to unmask the e-mail addresses in a bcc field when I am just a recipient? Need very simple, step-by-step instructions for someone who doesn't code. I have received a group e-mail and would really like to see the others who got it. Thank you!
New contributor
Can anyone tell me how to unmask the e-mail addresses in a bcc field when I am just a recipient? Need very simple, step-by-step instructions for someone who doesn't code. I have received a group e-mail and would really like to see the others who got it. Thank you!
New contributor
New contributor
New contributor
asked 5 hours ago
Jenny BJenny B
61
61
New contributor
New contributor
add a comment |
add a comment |
2 Answers
2
active
oldest
votes
You can't. You simply won't have any information about the Bcc header when you receive the mail, so you there's nothing to "unmask".
The way Bcc is designed is specified in RFC 2822, under section 3.6.3. To quote the specification:
The "Bcc:" field (where the "Bcc" means "Blind Carbon Copy") contains
addresses of recipients of the message whose addresses are not to be
revealed to other recipients of the message. There are three ways in
which the "Bcc:" field is used. In the first case, when a message
containing a "Bcc:" field is prepared to be sent, the "Bcc:" line is
removed even though all of the recipients (including those specified
in the "Bcc:" field) are sent a copy of the message. In the second
case, recipients specified in the "To:" and "Cc:" lines each are sent
a copy of the message with the "Bcc:" line removed as above, but the
recipients on the "Bcc:" line get a separate copy of the message
containing a "Bcc:" line. (When there are multiple recipient
addresses in the "Bcc:" field, some implementations actually send a
separate copy of the message to each recipient with a "Bcc:"
containing only the address of that particular recipient.) Finally,
since a "Bcc:" field may contain no addresses, a "Bcc:" field can be
sent without any addresses indicating to the recipients that blind
copies were sent to someone. Which method to use with "Bcc:" fields
is implementation dependent, but refer to the "Security
Considerations" section of this document for a discussion of each.
When a message is a reply to another message, the mailboxes of the
authors of the original message (the mailboxes in the "From:" field)
or mailboxes specified in the "Reply-To:" field (if it exists) MAY
appear in the "To:" field of the reply since these would normally be
the primary recipients of the reply. If a reply is sent to a message
that has destination fields, it is often desirable to send a copy of
the reply to all of the recipients of the message, in addition to the
author. When such a reply is formed, addresses in the "To:" and "Cc:"
fields of the original message MAY appear in the "Cc:" field of the
reply, since these are normally secondary recipients of the reply. If
a "Bcc:" field is present in the original message, addresses in that
field MAY appear in the "Bcc:" field of the reply, but SHOULD NOT
appear in the "To:" or "Cc:" fields.
Note: Some mail applications have automatic reply commands that
include the destination addresses of the original message in the
destination addresses of the reply. How those reply commands behave
is implementation dependent and is beyond the scope of this document.
In particular, whether or not to include the original destination
addresses when the original message had a "Reply-To:" field is not
addressed here.
In practice the case where To and Cc recipients receive no Bcc line, but each Bcc'ed address receives a Bcc line containing only their email address, is most common. This provides no indication of a Bcc to the To and Cc recipients, and indicates to the Bcc'ed recipients that they were sent the email via the use of Bcc without revealing other Bcc recipients.
1
each Bcc'ed address receives a Bcc line containing only their email address, is most common.
Is it? That would require sending the message multiple times instead of a single message with multipleRCPT TO:
commands. What MUA would do that?
– Esa Jokinen
1 hour ago
add a comment |
Typically not possible if you don't have control over the sender SMTP server since this field is not transmitted to the recipient SMTP server.
When sending a mail, the sender SMTP server checks the BCC field and creates a copy for each recipient listed, removing the list of other recipients.
That is the whole point of BCC functionality.
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "162"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Jenny B is a new contributor. Be nice, and check out our Code of Conduct.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f206003%2fcan-i-retrieve-email-addresses-from-bcc%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
You can't. You simply won't have any information about the Bcc header when you receive the mail, so you there's nothing to "unmask".
The way Bcc is designed is specified in RFC 2822, under section 3.6.3. To quote the specification:
The "Bcc:" field (where the "Bcc" means "Blind Carbon Copy") contains
addresses of recipients of the message whose addresses are not to be
revealed to other recipients of the message. There are three ways in
which the "Bcc:" field is used. In the first case, when a message
containing a "Bcc:" field is prepared to be sent, the "Bcc:" line is
removed even though all of the recipients (including those specified
in the "Bcc:" field) are sent a copy of the message. In the second
case, recipients specified in the "To:" and "Cc:" lines each are sent
a copy of the message with the "Bcc:" line removed as above, but the
recipients on the "Bcc:" line get a separate copy of the message
containing a "Bcc:" line. (When there are multiple recipient
addresses in the "Bcc:" field, some implementations actually send a
separate copy of the message to each recipient with a "Bcc:"
containing only the address of that particular recipient.) Finally,
since a "Bcc:" field may contain no addresses, a "Bcc:" field can be
sent without any addresses indicating to the recipients that blind
copies were sent to someone. Which method to use with "Bcc:" fields
is implementation dependent, but refer to the "Security
Considerations" section of this document for a discussion of each.
When a message is a reply to another message, the mailboxes of the
authors of the original message (the mailboxes in the "From:" field)
or mailboxes specified in the "Reply-To:" field (if it exists) MAY
appear in the "To:" field of the reply since these would normally be
the primary recipients of the reply. If a reply is sent to a message
that has destination fields, it is often desirable to send a copy of
the reply to all of the recipients of the message, in addition to the
author. When such a reply is formed, addresses in the "To:" and "Cc:"
fields of the original message MAY appear in the "Cc:" field of the
reply, since these are normally secondary recipients of the reply. If
a "Bcc:" field is present in the original message, addresses in that
field MAY appear in the "Bcc:" field of the reply, but SHOULD NOT
appear in the "To:" or "Cc:" fields.
Note: Some mail applications have automatic reply commands that
include the destination addresses of the original message in the
destination addresses of the reply. How those reply commands behave
is implementation dependent and is beyond the scope of this document.
In particular, whether or not to include the original destination
addresses when the original message had a "Reply-To:" field is not
addressed here.
In practice the case where To and Cc recipients receive no Bcc line, but each Bcc'ed address receives a Bcc line containing only their email address, is most common. This provides no indication of a Bcc to the To and Cc recipients, and indicates to the Bcc'ed recipients that they were sent the email via the use of Bcc without revealing other Bcc recipients.
1
each Bcc'ed address receives a Bcc line containing only their email address, is most common.
Is it? That would require sending the message multiple times instead of a single message with multipleRCPT TO:
commands. What MUA would do that?
– Esa Jokinen
1 hour ago
add a comment |
You can't. You simply won't have any information about the Bcc header when you receive the mail, so you there's nothing to "unmask".
The way Bcc is designed is specified in RFC 2822, under section 3.6.3. To quote the specification:
The "Bcc:" field (where the "Bcc" means "Blind Carbon Copy") contains
addresses of recipients of the message whose addresses are not to be
revealed to other recipients of the message. There are three ways in
which the "Bcc:" field is used. In the first case, when a message
containing a "Bcc:" field is prepared to be sent, the "Bcc:" line is
removed even though all of the recipients (including those specified
in the "Bcc:" field) are sent a copy of the message. In the second
case, recipients specified in the "To:" and "Cc:" lines each are sent
a copy of the message with the "Bcc:" line removed as above, but the
recipients on the "Bcc:" line get a separate copy of the message
containing a "Bcc:" line. (When there are multiple recipient
addresses in the "Bcc:" field, some implementations actually send a
separate copy of the message to each recipient with a "Bcc:"
containing only the address of that particular recipient.) Finally,
since a "Bcc:" field may contain no addresses, a "Bcc:" field can be
sent without any addresses indicating to the recipients that blind
copies were sent to someone. Which method to use with "Bcc:" fields
is implementation dependent, but refer to the "Security
Considerations" section of this document for a discussion of each.
When a message is a reply to another message, the mailboxes of the
authors of the original message (the mailboxes in the "From:" field)
or mailboxes specified in the "Reply-To:" field (if it exists) MAY
appear in the "To:" field of the reply since these would normally be
the primary recipients of the reply. If a reply is sent to a message
that has destination fields, it is often desirable to send a copy of
the reply to all of the recipients of the message, in addition to the
author. When such a reply is formed, addresses in the "To:" and "Cc:"
fields of the original message MAY appear in the "Cc:" field of the
reply, since these are normally secondary recipients of the reply. If
a "Bcc:" field is present in the original message, addresses in that
field MAY appear in the "Bcc:" field of the reply, but SHOULD NOT
appear in the "To:" or "Cc:" fields.
Note: Some mail applications have automatic reply commands that
include the destination addresses of the original message in the
destination addresses of the reply. How those reply commands behave
is implementation dependent and is beyond the scope of this document.
In particular, whether or not to include the original destination
addresses when the original message had a "Reply-To:" field is not
addressed here.
In practice the case where To and Cc recipients receive no Bcc line, but each Bcc'ed address receives a Bcc line containing only their email address, is most common. This provides no indication of a Bcc to the To and Cc recipients, and indicates to the Bcc'ed recipients that they were sent the email via the use of Bcc without revealing other Bcc recipients.
1
each Bcc'ed address receives a Bcc line containing only their email address, is most common.
Is it? That would require sending the message multiple times instead of a single message with multipleRCPT TO:
commands. What MUA would do that?
– Esa Jokinen
1 hour ago
add a comment |
You can't. You simply won't have any information about the Bcc header when you receive the mail, so you there's nothing to "unmask".
The way Bcc is designed is specified in RFC 2822, under section 3.6.3. To quote the specification:
The "Bcc:" field (where the "Bcc" means "Blind Carbon Copy") contains
addresses of recipients of the message whose addresses are not to be
revealed to other recipients of the message. There are three ways in
which the "Bcc:" field is used. In the first case, when a message
containing a "Bcc:" field is prepared to be sent, the "Bcc:" line is
removed even though all of the recipients (including those specified
in the "Bcc:" field) are sent a copy of the message. In the second
case, recipients specified in the "To:" and "Cc:" lines each are sent
a copy of the message with the "Bcc:" line removed as above, but the
recipients on the "Bcc:" line get a separate copy of the message
containing a "Bcc:" line. (When there are multiple recipient
addresses in the "Bcc:" field, some implementations actually send a
separate copy of the message to each recipient with a "Bcc:"
containing only the address of that particular recipient.) Finally,
since a "Bcc:" field may contain no addresses, a "Bcc:" field can be
sent without any addresses indicating to the recipients that blind
copies were sent to someone. Which method to use with "Bcc:" fields
is implementation dependent, but refer to the "Security
Considerations" section of this document for a discussion of each.
When a message is a reply to another message, the mailboxes of the
authors of the original message (the mailboxes in the "From:" field)
or mailboxes specified in the "Reply-To:" field (if it exists) MAY
appear in the "To:" field of the reply since these would normally be
the primary recipients of the reply. If a reply is sent to a message
that has destination fields, it is often desirable to send a copy of
the reply to all of the recipients of the message, in addition to the
author. When such a reply is formed, addresses in the "To:" and "Cc:"
fields of the original message MAY appear in the "Cc:" field of the
reply, since these are normally secondary recipients of the reply. If
a "Bcc:" field is present in the original message, addresses in that
field MAY appear in the "Bcc:" field of the reply, but SHOULD NOT
appear in the "To:" or "Cc:" fields.
Note: Some mail applications have automatic reply commands that
include the destination addresses of the original message in the
destination addresses of the reply. How those reply commands behave
is implementation dependent and is beyond the scope of this document.
In particular, whether or not to include the original destination
addresses when the original message had a "Reply-To:" field is not
addressed here.
In practice the case where To and Cc recipients receive no Bcc line, but each Bcc'ed address receives a Bcc line containing only their email address, is most common. This provides no indication of a Bcc to the To and Cc recipients, and indicates to the Bcc'ed recipients that they were sent the email via the use of Bcc without revealing other Bcc recipients.
You can't. You simply won't have any information about the Bcc header when you receive the mail, so you there's nothing to "unmask".
The way Bcc is designed is specified in RFC 2822, under section 3.6.3. To quote the specification:
The "Bcc:" field (where the "Bcc" means "Blind Carbon Copy") contains
addresses of recipients of the message whose addresses are not to be
revealed to other recipients of the message. There are three ways in
which the "Bcc:" field is used. In the first case, when a message
containing a "Bcc:" field is prepared to be sent, the "Bcc:" line is
removed even though all of the recipients (including those specified
in the "Bcc:" field) are sent a copy of the message. In the second
case, recipients specified in the "To:" and "Cc:" lines each are sent
a copy of the message with the "Bcc:" line removed as above, but the
recipients on the "Bcc:" line get a separate copy of the message
containing a "Bcc:" line. (When there are multiple recipient
addresses in the "Bcc:" field, some implementations actually send a
separate copy of the message to each recipient with a "Bcc:"
containing only the address of that particular recipient.) Finally,
since a "Bcc:" field may contain no addresses, a "Bcc:" field can be
sent without any addresses indicating to the recipients that blind
copies were sent to someone. Which method to use with "Bcc:" fields
is implementation dependent, but refer to the "Security
Considerations" section of this document for a discussion of each.
When a message is a reply to another message, the mailboxes of the
authors of the original message (the mailboxes in the "From:" field)
or mailboxes specified in the "Reply-To:" field (if it exists) MAY
appear in the "To:" field of the reply since these would normally be
the primary recipients of the reply. If a reply is sent to a message
that has destination fields, it is often desirable to send a copy of
the reply to all of the recipients of the message, in addition to the
author. When such a reply is formed, addresses in the "To:" and "Cc:"
fields of the original message MAY appear in the "Cc:" field of the
reply, since these are normally secondary recipients of the reply. If
a "Bcc:" field is present in the original message, addresses in that
field MAY appear in the "Bcc:" field of the reply, but SHOULD NOT
appear in the "To:" or "Cc:" fields.
Note: Some mail applications have automatic reply commands that
include the destination addresses of the original message in the
destination addresses of the reply. How those reply commands behave
is implementation dependent and is beyond the scope of this document.
In particular, whether or not to include the original destination
addresses when the original message had a "Reply-To:" field is not
addressed here.
In practice the case where To and Cc recipients receive no Bcc line, but each Bcc'ed address receives a Bcc line containing only their email address, is most common. This provides no indication of a Bcc to the To and Cc recipients, and indicates to the Bcc'ed recipients that they were sent the email via the use of Bcc without revealing other Bcc recipients.
answered 4 hours ago
PolynomialPolynomial
101k31246339
101k31246339
1
each Bcc'ed address receives a Bcc line containing only their email address, is most common.
Is it? That would require sending the message multiple times instead of a single message with multipleRCPT TO:
commands. What MUA would do that?
– Esa Jokinen
1 hour ago
add a comment |
1
each Bcc'ed address receives a Bcc line containing only their email address, is most common.
Is it? That would require sending the message multiple times instead of a single message with multipleRCPT TO:
commands. What MUA would do that?
– Esa Jokinen
1 hour ago
1
1
each Bcc'ed address receives a Bcc line containing only their email address, is most common.
Is it? That would require sending the message multiple times instead of a single message with multiple RCPT TO:
commands. What MUA would do that?– Esa Jokinen
1 hour ago
each Bcc'ed address receives a Bcc line containing only their email address, is most common.
Is it? That would require sending the message multiple times instead of a single message with multiple RCPT TO:
commands. What MUA would do that?– Esa Jokinen
1 hour ago
add a comment |
Typically not possible if you don't have control over the sender SMTP server since this field is not transmitted to the recipient SMTP server.
When sending a mail, the sender SMTP server checks the BCC field and creates a copy for each recipient listed, removing the list of other recipients.
That is the whole point of BCC functionality.
add a comment |
Typically not possible if you don't have control over the sender SMTP server since this field is not transmitted to the recipient SMTP server.
When sending a mail, the sender SMTP server checks the BCC field and creates a copy for each recipient listed, removing the list of other recipients.
That is the whole point of BCC functionality.
add a comment |
Typically not possible if you don't have control over the sender SMTP server since this field is not transmitted to the recipient SMTP server.
When sending a mail, the sender SMTP server checks the BCC field and creates a copy for each recipient listed, removing the list of other recipients.
That is the whole point of BCC functionality.
Typically not possible if you don't have control over the sender SMTP server since this field is not transmitted to the recipient SMTP server.
When sending a mail, the sender SMTP server checks the BCC field and creates a copy for each recipient listed, removing the list of other recipients.
That is the whole point of BCC functionality.
answered 5 hours ago
NaoyNaoy
112
112
add a comment |
add a comment |
Jenny B is a new contributor. Be nice, and check out our Code of Conduct.
Jenny B is a new contributor. Be nice, and check out our Code of Conduct.
Jenny B is a new contributor. Be nice, and check out our Code of Conduct.
Jenny B is a new contributor. Be nice, and check out our Code of Conduct.
Thanks for contributing an answer to Information Security Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f206003%2fcan-i-retrieve-email-addresses-from-bcc%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown