[#12675] remove Bcc lines when forwarding messages
Summary remove Bcc lines when forwarding messages
Queue IMP
Queue Version 6.1.4
Type Enhancement
State Feedback
Priority 1. Low
Owners
Requester thpo+horde@dotrc.de
Created 2013-09-12 (2201 days ago)
Due
Updated 2013-09-25 (2188 days ago)
Assigned
Resolved
Milestone
Patch No

Comments
thpo+horde@dotrc.de 2013-09-12 08:04:09
when a message (from sentmail folder) is forwarded, any existing Bcc 
header should rather be removed or at least a warning being prompted 
to the user

currently a message being forwarded as an attachment remains untouched 
an thus may contain Bcc lines that are thought to remain secret

Michael Slusarz <slusarz@horde.org> 2013-09-17 05:05:36
Forwarded messages can't be munged.  Period.  They HAVE to be sent 
as-is.  That's the entire point of forwarding.

The only viable options are either:
1) Don't save Bcc information in forwarded message. (But now there is 
no complete record of the recipients of the message).
2) Warn user that Bcc information appears in the headers of a 
forwarded message.

Jan Schneider <jan@horde.org> 2013-09-17 07:35:58
I think Bcc is an exception because it would never be a real header of 
a real message. We only have them in drafts and sent mail, so these 
messages aren't even "as-is" the actually sent messages. We remove 
that header when sending those messages, so we can as well justify to 
remove it if we forward them.

Michael Slusarz <slusarz@horde.org> 2013-09-25 18:19:11
> I think Bcc is an exception because it would never be a real header 
> of a real message.

It *shouldn't* be.  But that doesn't mean it might never leak through. 
  And we can't go munging headers.

> We only have them in drafts and sent mail, so these messages aren't 
> even "as-is" the actually sent messages.

You are assuming that sent mail and drafts are static.  They aren't.   
There is no 100% foolproof way of determining whether a message was 
actually sent by IMP or not.

Which leads me back to the previous suggestion: The user has to 
proactively make a choice whether to strip the header out or not.