pitzerwm
Active member
Using Blind Carbon Copies AKA BCC
I really appreciate your newsletters, as does a co-worker of mine. This particular newsletter, dealing with the hacking and spoofing of a person's email account, caught my attention. I may be wrong, but in most cases a lot of this spoofing can be eliminated if users only use the BCC field when forwarding emails. Frequently I get forwarded messages, jokes, etc. sent to as many as 50, 100, or more people and they are all listed in the CC (carbon copy) field. If they would use the BCC (blind carbon copy) field these email addresses and names would be invisible, or at least take a whole lot of hacking to get them. So it's my opinion that spoofers are on the lookout for these forwards. They copy them down, names and email addresses, and attribute the list to a name and email address from which the message originated. Now the spoofer can use that email address, sending a message of their own to everyone listed on the list they've compiled. In most cases the problem isn't so much a security issue as it is a real hassle to get people to realize that "I didn't send that message." Maybe you could pass along the word that using the BCC could prevent a lot of headaches and possibly some hazardous malware at the same time. - DB
Being Too Forward
Your article was informative, but an area that I think should be addressed is that of forwarded emails. I have relatives that receive emails from their friends that often have (no joke) up to one hundred email addresses in the message body from where a chain letter has been forwarded on repeatedly. All it takes is for that chain letter to end up on one infected machine and now every single one of those email addresses is on a server overseas somewhere. It's a good idea to remove email addresses from forwarded mails unless there's a pressing legitimate need for it to be there. - BW