[EMAIL PROTECTED] wrote:
> Bowie Bailey wrote:
> > [EMAIL PROTECTED] wrote:
> > > You have now. :) From mimedefang.pl:
> > >
> > > if ($AddApparentlyToForSpamAssassin and
> > > ($#Recipients >= 0)) {
> > > push(@sahdrs, "Apparently-To: " .
> > > join(", ", @Recipients) . "\n");
> > > }
> >
> > Hmmm... Is this header removed prior to delivery? If not, doesn't
> > it violate the entire idea of a BCC by letting the recipients know
> > about each other?
>
> A copy of the message is made, certain headers are appended
> (Return-Path, Received, Apparently-To), and the copy is passed to
> SpamAssassin. The return result of the SpamAssassin is captured and
> the message copy is discarded.
>
> So the Apparently-To header is ONLY seen by SpamAssassin, and is not
> on the message as delivered to recipients.
Makes sense. I was just curious as I hadn't seen this before. That's
a good way of dealing with it. I had forgotten (or didn't know) that
mimedefang does not use SA's markup.
> Based on what SpamAssassin returns, the original may have headers
> appended to it (X-Spam-Status, etc.) -- or the mail might be
> discarded, tempfailed, or rejected.
>
> It might, in theory, be possible for a clever user to be able to
> infer that someone was BCC'd under certain circumstances... for
> example, if there was a MAIL_APPARENTLY_TO_JOE_AT_EXAMPLE_DOT_COM
> rule.
Right.
--
Bowie
