[EMAIL PROTECTED] wrote: > Bowie Bailey wrote: > > [EMAIL PROTECTED] wrote: > > > You have now. :) From mimedefang.pl: > > > > > > if ($AddApparentlyToForSpamAssassin and > > > ($#Recipients >= 0)) { > > > push(@sahdrs, "Apparently-To: " . > > > join(", ", @Recipients) . "\n"); > > > } > > > > Hmmm... Is this header removed prior to delivery? If not, doesn't > > it violate the entire idea of a BCC by letting the recipients know > > about each other? > > A copy of the message is made, certain headers are appended > (Return-Path, Received, Apparently-To), and the copy is passed to > SpamAssassin. The return result of the SpamAssassin is captured and > the message copy is discarded. > > So the Apparently-To header is ONLY seen by SpamAssassin, and is not > on the message as delivered to recipients.
Makes sense. I was just curious as I hadn't seen this before. That's a good way of dealing with it. I had forgotten (or didn't know) that mimedefang does not use SA's markup. > Based on what SpamAssassin returns, the original may have headers > appended to it (X-Spam-Status, etc.) -- or the mail might be > discarded, tempfailed, or rejected. > > It might, in theory, be possible for a clever user to be able to > infer that someone was BCC'd under certain circumstances... for > example, if there was a MAIL_APPARENTLY_TO_JOE_AT_EXAMPLE_DOT_COM > rule. Right. -- Bowie