Dave, I get a lot of spam each day and have noticed that a lot of it is not even addressed to my email address. How am I getting it?
This is indeed a puzzle that I see in my own mailbox too. The secret is that email is sent through something called the Simple Mail Transport Protocol, aka SMTP.
Using SMTP, your mail program opens up a connection to your outbound mail server (email folk call this a mail transport agent) and then sends it a list of recipients to whom you want to send the message, then it sends the header and body of the message itself.
Note that I didn’t say that it sends the headers and lets the SMTP server figure out who is on your recipient list, however! That’s the secret: you can have recipients listed in the SMTP handshake that aren’t listed in the message body itself.
When you send a message to someone and they’re listed as the primary recipient, they get on the “To:” list. Copy someone else (your boss, your friend, your spouse, whomever) and they end up on the “Cc” or carbon-copy list. In both of those cases, each recipient can scan the headers and see both the “To:” and “Cc:” recipients, so they can conclude that they know the entire circle of people to whom the message was sent.
Right? Wrong. The third way you can send a message to someone is by using something called “Bcc” or blind carbon-copy. Recipients on the Bcc list are pulled out of the message header prior to it even leaving your mail program; when your mailer communicates via SMTP with the mail transport agent (the ISP’s mail server, for example) it’s already split off the list of recipients that it wants to receive the message from the list of recipients that are explicitly listed and shown in the header of the message.
The long and short of it is if I send an email to you and Bcc my friend Joel, for example, you’ll never have a clue that he saw a copy of the message. And Joel, for his part, will be a bit puzzled because, just like your spam, he’ll have a message in his inbox that doesn’t list him as a recipient.
So one level of spammers send a message “To” one person or a list or a dead, deliberate fake email address (like “winners@somewhere.com”) and then include all of the intended recipients in the “Bcc” list. Their email program automatically hides all the recipients and you get junk mail without having a clue why.
Others have programs that more deliberately spoof the entire SMTP protocol, but the net effect is the same.
Hope that helps clarify what’s going on!
The only way you could find out the Bcc list would be to look in the mail transport agent’s log file on the sending machine. If you’re not on that machine because you’re a recipient, there’s no way to ascertain the Bcc list.
is there ANY way i can find out the bcc list???
You are very right dave, but these days all free email services generally filter the message as spam if your email isn’t in the to/cc list (true of Hotmail, Gmail and Yahoo at leaast)
On Hotmail, you clearly have to add the mailing lists that you subscribe to to a Whitelist
I wonder what email service the person who asked this question is using. I guess he should be talking to his ISP on spam filtering