Friday, 15 May 2009

Sending email to multiple recipients - a better way

Current Practice

Generally when people send email they list the recipients in the TO field. This means that each recipient gets a copy of the email and a list of all the other recipients.

Nothing wrong with this but if this email is forwarded, generally a copy of all the other email address is forwarded as well. Now if the email message is really interesting it may be forwarded with increasing lists of email addresses to people who may not know who any of the other email addresses are.

In a perfect world this may be fine, but should this email with lots of email addresses fall into the wrong hands it could end up on SPAM lists or worse: someone could use the chain of email addresses to establish relationships between people in order to launch a more believable attack.

For example if A sends an email to B, C and D then a SPAMer could send SPAM to B, C and D and make it appear that the email came from A (and vice-versa). Since B, C and D already know A the email may get passed their SPAM filters and opened - The SPAMer is now only one click away from launching an attack on their computer.

A Better Practice

Instead of using the TO field, simply use the BCC field and never use the TO or CC fields.

How Does This Help?


Addresses in the BCC field all get a copy of the email but they do not get the list of other people's email address - they only see their own email address.

Should they forward the email on, they only forward on their own email address.

If people begin to adopt this practice, there will be fewer email addresses falling into the hands of the SPAMers.