~rjarry/aerc#283: 
BCC headers are exposed to recipients with gmail

Gmail has had a long standing issue where their servers do not strip bcc headers from emails before sending to the recipients. It does not seem like Gmail will ever correct this, but I know many clients have implemented work arounds to this, I'm hoping aerc can do the same.

i.e. if I send an email through a gmail account, the people under "to:" and "cc:" will be able to see anyone addressed in "bcc:"

Status
REPORTED
Submitter
~xavierchanth
Assigned to
No-one
Submitted
26 days ago
Updated
18 days ago
Labels
No labels applied.

~ferdinandyb 25 days ago

I am unable to reproduce this. I'm also not sure what a client can do if this were the case. We need to hand over the email for sending to the smtp server. If the server can't handle bcc then the only workaround I could see is sending several messages instead of one.

~rjarry 23 days ago

I don't think aerc is doing any removal of Bcc: headers before sending. So theoretically, this is a real bug.

~xavierchanth 18 days ago*

I did review the aerc code, and aerc is not stripping bcc headers. I did not dive deep enough into the code to determine if this is a trivial change or not. The ideal solution would be the smtp server strips these out, but unlike most servers, it seems gmail servers do not as this has been reported with other mail clients.

Unfortunately, it doesn't seem like Google will fix it. Most of the other reports to gmail that I've found are years old and result in the reporter switching mail clients or waiting for a patch in the client.

I'm currently in the process of trying other approaches to sending email with gmail so I can continue using aerc... I'm currently back to the browser for sending mail in the meantime.

~xavierchanth 18 days ago

Update: I've switched to using msmtp for sending mail and that seems to have solved my issue.

Modified a version of the script in the notmuch configuration example, and msmtp has an option to strip bcc headers before sending.

Register here or Log in to comment, or comment via email.