Blind carbon copy
In the context of correspondence, blind carbon copy (abbreviated Bcc:) allows the sender of a message to conceal the person entered in the Bcc: field from the other recipients. This concept originally applied to paper correspondence and now also applies to email. BCC has also been redescribed after the demise of carbon paper, as "Blind Copy Circulated," or "Blind Courtesy Copy;" the meaning remains the same.
In some circumstances, the typist creating a paper correspondence must ensure that multiple recipients of such a document do not see the names of other recipients. To achieve this, the typist can:
- Add the names in a second step to each copy, without carbon paper;
- Set the ribbon not to strike the paper, which leaves names off the top copy (but may leave letter impressions on the paper).
With email, recipients of a message are specified using addresses in any of these three fields:
- To: Primary recipients
- Cc: Carbon copy to secondary recipients—other interested parties
- Bcc: Blank carbon copy to tertiary recipients who receive the message. The primary and secondary recipients cannot see the tertiary recipients. Depending on email software, the tertiary recipients may only see their own email address in Bcc, or they may see the email addresses of all recipients.
There are a number of reasons for using this feature:
- BCC is often used to prevent an accidental "Reply All" from sending a reply intended for only the originator of the message to the entire recipient list.
- To send a copy of one's correspondence to a third party (for example, a colleague) when one does not want to let the recipient know that this is being done (or when one does not want the recipient to know the third party's e-mail address, assuming the other recipient is in the To: or Cc: fields).
- To send a message to multiple parties with none of them knowing the other recipients. This can be accomplished by addressing a message to oneself and filling in the actual intended recipients in the Bcc: field. However, this does not ensure that the Bcc: addresses will be hidden from other Bcc: addresses in all implementations.
- To prevent the spread of computer viruses, spam, and malware by avoiding the accumulation of block-list e-mail addresses available to all Bcc: recipients, which often occurs in the form of chain letters.
In some cases, use of Blind Carbon Copy may be viewed as mildly unethical. The original addressee of the mail (To: address) is left under the impression that communication is proceeding between the known parties, and is knowingly kept unaware of others participating in the primary communication.
A related risk is that by (unintentional) use of 'reply to all' functionality by someone on BCC, the original addressee is (inadvertently) made aware of this participation. For this reason, it is in some cases better to separately forward the original e-mail.
Depending on the particular email software used, the recipient may or may not know that the message has been sent via BCC. In some cases, ‘undisclosed recipients’ placed in the To: line (by the software) shows that BCC has been used. In other cases, the message appears identical to one sent to a single addressee. The recipient does not necessarily see the email address (and real name, if any) originally placed in the To: line.
When it is useful for the recipients to know who else has received a BCC message,
- their real names, but not their email addresses, can be listed in the body of the message, or
- a meaningful substitute for the names can be placed in the body of the message, e.g. ‘[To General Manager and members of Remunerations Committee]’, or ‘[To the whole Bloggs family]’.
In most implementations, the recipient of an email can see any email address specified by the Sender in the To: or Cc: fields. If, on the other hand, the Sender has specified addresses in the Bcc: field, the recipient in this case cannot see these Bcc addresses.
The internet standard for e-mail messages is RFC 2822 and the Bcc: header is discussed in section 3.6.3. It is unclear whether Bcc: is designed to ensure the Bcc: addresses are hidden from each other. On the one hand, it says:
- The "BCC:" field (where the "BCC" means "Blind Carbon Copy") contains addresses of recipients of the message whose addresses are not to be revealed to other recipients of the message.
It also states:
- There are three ways in which the "BCC:" field is used.
- In the first case, when a message containing a "BCC:" field is prepared to be sent, the "BCC:" line is removed even though all of the recipients (including those specified in the "BCC:" field) are sent a copy of the message.
- In the second case, recipients specified in the "To:" and "CC:" lines each are sent a copy of the message with the "BCC:" line removed as above, but the recipients on the "BCC:" line get a separate copy of the message containing a "BCC:" line. (When there are multiple recipient addresses in the "BCC:" field, some implementations actually send a separate copy of the message to each recipient with a "BCC:" containing only the address of that particular recipient.)
- Finally, since a "BCC:" field may contain no addresses, a "BCC:" field can be sent without any addresses indicating to the recipients that blind copies were sent to someone.
Since the hiding of the Bcc: addresses from other Bcc: addresses is not required by RFC 2822, one cannot assume the Bcc: addresses will be hidden from other Bcc: addresses
Both RFC 2821 and RFC 2822 discuss problems with Bcc: in their "Security Consideration" sections, in part because, as mentioned above, the processing for the Bcc: header is not standardized and there are several ways that it can commonly be implemented.
- RFC 2821 notes that some mail systems will add private headers showing all recipients that the e-mail was sent to, thus leaking the Bcc: list.
- RFC 2822 notes three problems:
- If the Bcc: header is completely removed, people who receive a blind copy may not notice they are not on either the To: or Cc: and reply to everyone, thus leaking that blind copies were sent.
- If the Bcc: header is not removed for people being sent a blind copy, then all blind copy recipients will know who received blind copies.
- If the email addresses on the Bcc: header are removed, but the header is not, this will leak the fact that some blind copies were sent.
- E-mail spam occasionally uses Bcc: to create fake accidental leaks of confidential information, e.g. in a variant of the pump and dump scheme.
Carbon vs. courtesy
The interpretation of "Bcc:" as "blind courtesy copy" is a backronym and not the original meaning; the historic RFC 733 has an explicit "blind carbon" annotation in its definition of the Bcc: header field syntax. "Cc:" and "Bcc:" mean "carbon copy" and "blind carbon copy" respectively.
Sending courtesy copies of mailing list replies also directly to the author(s) of answered message(s) is a common practice on some lists, and matches a new interpretation of "Cc:" as abbreviation for "courtesy copy".
- Stout, Chris. "DEAR NERD: Blind carbons hide addresses." Charleston Gazette (West Virginia, USA). 1998-01-18. page P5B. NewsBank record number 100F35638A890441.
- Husted, Bill. "Bad e-mail habits can be bothersome, embarrassing" Atlanta Journal-Constitution, The (Georgia, USA). 2009-08-30. page E15. NewsBank record number 103419444.
- Boodhoo, Niala; Carey, Bridget (2009-08-25). "Be careful when you 'reply all' to e-mail". Miami Herald. pp. C8. NewsBank record number 200908250100KNRIDDERFLMIAMIH_poked-08-25-09.