-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
National Cyber Alert System
Cyber Security Tip ST04-008
Benefits of BCC
Although in many situations it may be appropriate to list email
recipients in the To: or CC: fields, sometimes using the BCC: field
may be the most desirable option.
What is BCC?
BCC, which stands for blind carbon copy, allows you to hide recipients
in email messages. Unlike addresses in the To: field or the CC:
(carbon copy) field, addresses in the BCC: field cannot be seen by
other users.
Why would you want to use BCC?
There are a few main reasons for using BCC:
* Privacy - Sometimes it's beneficial, even necessary, for you to
let recipients know who else is receiving your email message.
However, there may be instances when you want to send the same
message to multiple recipients without letting them know who else
is receiving the message. If you are sending email on behalf of a
business or organization, it may be especially important to keep
lists of clients, members, or associates confidential. You may
also want to avoid listing an internal email address on a message
being sent to external recipients.
Another point to remember is that if you use the To: or CC: fields
to list all of your recipients, these same recipients will also
receive any replies to your message unless the sender removes
them. If there is potential for a response that is not appropriate
for all recipients, consider using BCC.
* Tracking - Maybe you want to access or archive the email message
you are sending at another email account. Or maybe you want to
make someone, such as a supervisor or team member, aware of the
email without actually involving them in the exchange. BCC allows
you to accomplish these goals without advertising that you are
doing it.
* Respect for your recipients - Forwarded email messages frequently
contain long lists of email addresses that were CC'd by previous
senders. These addresses are highly likely to be active and valid,
so they are very valuable to spammers. Furthermore, many
email-borne viruses harvest email addresses contained in messages
you've already received (not just the To: and From: fields, but
from the body, too), so those long lists in forwarded messages
pose a risk to all the accounts they point to if you get infected.
Many people frequently forward messages to their entire address
books using CC. Encourage people who forward messages to you to
use BCC so that your email address is less likely to appear in
other people's inboxes and be susceptible to being harvested. To
avoid becoming part of the problem, in addition to using BCC if
you forward messages, take time to remove all existing email
addresses within the message. The additional benefit is that the
people you're sending the message to will appreciate not having to
scroll through large sections of irrelevant information to get to
the actual message.
How do you BCC an email message?
Most email clients have the option to BCC listed a few lines below the
To: field. However, sometimes it is a separate option that is not
listed by default. If you cannot locate it, check the help menu or the
software's documentation.
If you want to BCC all recipients and your email client will not send
a message without something in the To: field, consider using your own
email address in that field. In addition to hiding the identity of
other recipients, this option will enable you to confirm that the
message was sent successfully.
_________________________________________________________________
Authors: Mindi McDowell, Allen Householder
_________________________________________________________________
Produced 2007 by US-CERT, a government organization.
Note: This tip was previously published and is being re-distributed
to increase awareness.
Terms of use
<http://www.us-cert.gov/legal.html>
This document can also be found at
<http://www.us-cert.gov/cas/tips/ST04-008.html>
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBRi+YhOxOF3G+ig+rAQLkDwgAr1w17QxrPsYvsRJTvzEruj6Be3tk5vPh
ypt5ew6JnaGHa7K51Lu6hspR3aeZTGdgivzAreKmOfAT+aJQLejIo9xfsFVlJsn3
ZMagLcPP4pCRCT7/nTJhIGe1Hxuis1WeQiyVPqpcJagHAAsR9+EaR5wbeYPjoXXE
JuAmM4INGzaxniNe1RjLma79H+95RH6Bzxmk2s2v2D69x9zqq+Ezz9GMw7Jl88ug
9EJJGYh2Kt2EwUy0VSzxT8oafOucw5QcoE2ACVviAzvr19qE3qEW3cuBuIuBokXD
gMADMHRbN+FZMJ2y585/zWdKVNGjDSfrKzCE7jn5g79CWOhne35lMw==
=VNOn
-----END PGP SIGNATURE-----
