lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: DaveHowe at cmn.sharp-uk.co.uk (Dave Howe)
Subject: a question about e-mails

maarten wrote:
> I think it is safe to assume that the people who drafted the RFC did
> their homework and it logically follows that there is (absolutely) no
> way to retrieve the original BCC entries (not even by the receiving
> smtp admin).
Theoretically, you could check the To and CC headers, and add the RCPT TO:
target to a BCC: field if not found in either - don't see the point
though. If you aren't listed in To or CC, it is obvious you were BCCed,
and it is impossible to determine the other BCC recipients as that
information never leaves the mail composer (that said, an initial
first-hop host *could* compare multiple emails sent in a single session,
and rebuild the BCC list in full that way; dont' see why you would do that
though (the BCC recipients aren't supposed to be public, that is the whole
point)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ