login about faq

Just a heads up:

Bcc mail messages sent via Microsoft accounts (Outlook.com, MSN.com, Hotmai.com, etc.) are arriving to the recipients with all email addresses exposed. The Bcc flag is being ignored completely. We reported this to Microsoft a month ago but they have not acknowledge any server-related issues on their part.

Bcc is working properly when sending messages via Gmail and Yahoo so it is likely a Microsoft server issue but you should look into this to be sure it is not related to your ActiveX plugin. If you are aware of this issue and have a work-around, please email us ASAP.

Thanks for the great products.

asked Jul 28 '16 at 14:23

chilkat's gravatar image

chilkat ♦♦

Chilkat explicitly keeps the BCC email addresses outside the MIME of the email. In other words, with Chilkat, there is no BCC email header that is added to the MIME. This is often a point of irritation to users because they expect the BCC addresses to be present, but if they were, then they could be exposed. Chilkat takes the safe route to avoid exposing BCC addresses.

When a BCC recipient is added to an email (such as via the email.AddBcc method), it used in the "RCPT TO" part of the SMTP protocol. For example, a sample SMTP protocol session looks like this:

Server Response: 220 www.sample.com ESMTP Postfix
Client Sending : HELO domain.com
Server Response: 250 Hello domain.com
Client Sending : MAIL FROM: <me@domain.com>
Server Response: 250 Ok
Client Sending : RCPT TO: <friend@sample.com>
Server Response: 250 Ok
Client Sending : DATA
Server Response: 354 End data with <cr><lf>.<cr><lf>
Client Sending : Subject: Example Message
Client Sending : From: me@domain.com
Client Sending : To: you@sample.com
Client Sending :
Client Sending : Yo,
Client Sending :
Client Sending :   Sending a test message.
Client Sending :
Client Sending :   Later,
Client Sending : Carl
Client Sending : .
Server Response: 250 Ok: queued as 45334
Client Sending : QUIT
Server Response: 221 Bye

The BCC addresses are passed in RCPT TO commands, but are NOT part of the MIME. Therefore, if BCC addresses are getting exposed, it must be that the application code is somehow explicitly adding them to the MIME headers, or the Microsoft SMTP servers are doing something extra to add them to the MIME.


answered Jul 28 '16 at 14:30

chilkat's gravatar image

chilkat ♦♦

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or __italic__
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported



Asked: Jul 28 '16 at 14:23

Seen: 1,656 times

Last updated: Jul 28 '16 at 14:30

powered by OSQA