Full Disclosure: Re: a question about e-mails

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Full Disclosure mailing list archives

Re: a question about e-mails

From: Sebastian Niehaus <killedbythoughts () mindcrime net>
Date: Thu, 26 Feb 2004 17:21:23 +0100

"Dave Howe" <DaveHowe () cmn sharp-uk co uk> writes:

If you aren't listed in To or CC, it is obvious you were BCCed,
and it is impossible to determine the other BCC recipients as that
information never leaves the mail composer (that said, an initial
first-hop host *could* compare multiple emails sent in a single session,
and rebuild the BCC


Given the recipients of all mails are on the same domain or on the
same MX the last hop can rebuild the bcc as well.

Unless somebody inbetween uses qmail as mailserver :-)


Sebastian

-- 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

By Date By Thread

Current thread:

Re: a question about e-mails, (continued)
- RE: a question about e-mails Remko Lodder (Feb 26)
- RE: a question about e-mails Sandeep Sengupta (Feb 26)
  - Re: a question about e-mails maarten (Feb 26)
    - Re: a question about e-mails Dave Howe (Feb 26)
    - Re: a question about e-mails Sebastian Niehaus (Feb 26)
- RE: a question about e-mails Rainer Gerhards (Feb 26)
- RE: a question about e-mails Rainer Gerhards (Feb 27)
- RE: a question about e-mails allan . vanleeuwen (Feb 27)
- RE: a question about e-mails Remko Lodder (Feb 27)
  - RE: a question about e-mails Gary E. Miller (Feb 27)