tags:

views:

549

answers:

1
+7  Q: 

Sending BCC emails using a SMTP server?

I've had this noted down on some of my code for a while:

/**
 * Add a BCC.
 *
 * Note that according to the conventions of the SMTP protocol all
 * addresses, including BCC addresses, are included in every email as it
 * is sent over the Internet. The BCC addresses are stripped off blind
 * copy email only at the destination email server.
 *
 * @param string $email
 * @param string $name
 * @return object Email
 */

I don't remember where I got it from but that shouldn't be relevant to this question. Basically, whenever I try to send an email with BCCs via SMTP the BCC addresses are not hidden - I've read the whole RFC for the SMTP protocol (a couple years ago) and I don't think I'm missing anything.

The strange thing is, if I send an email with BCCs using the built-in mail() function everything works just right and I've no idea why - I would like to roll my own email sender but I fail to understand this.

Can someone please shed some light into this dark subject?

+6  A: 

The BCC addresses are not stripped off at the destination email server. That's not how it works.

How SMTP actually works

  • The sender will send a list of RCPT TO commands to the SMTP server, one for each receiver email addresses, and this command does not distinguish whether the receiver is a normal To, CC or BCC type receiver.
  • Soon enough after calling the command that tells the SMTP server who's the sender, who's the server, and everything else, only then the sender will call the DATA command, in which will contain the content of the email - which consist of the email headers and body - the one that are received by email clients. Among these email headers are the usual from address, to address, CC address.
  • The BCC address is not shown to the receiver, simply because it's not printed out under the DATA command, not because the destination SMTP server stripped them away. The destination SMTP server will just refer to the RCPT TO for the list of email addresses that should receive the email content. It does not really care whether the receiver is in the To, CC or BCC list.
    Update (to clarify): BCC email addresses must be listed in the RCPT TO command list, but the BCC header should not be printed under the DATA command.

Quoting a part of the RFC that I think is relevant to your case:

Please note that the mail data includes the memo header items such as Date, Subject, To, Cc, From [2].

Rolling out your own email sender

A couple of years ago, I frankly think, is quite a long time back to assume that you still memorize end-to-end of RFC 821. :)

Amry  2010-05-01 14:46:24
MTA's like Hotmail _do_ seem to care, but I suppose there's nothing we can do about that :)
Tim Post  2010-05-01 15:06:59
Ahh if that's the case, then I wouldn't really know. Personally I don't have any real world working prototype of my own email sender. I simply remembered a bit about this SMTP when I researched it as part of my coursework in university back in year 2002. :)
Amry  2010-05-01 15:27:34
My implementation does exactly that, I don't have the RFC 821 memorized - I just memorized that I did it right (spent 3 days testing and debugging one missing dot).
Alix Axel  2010-05-01 15:33:57
Actually I just noticed that I'm sending To, CC and BCC in `RCPT TO` commands **but** I'm also sending them after the `DATA` command - including the BCC.
Alix Axel  2010-05-01 15:37:08
@Tim Post: Is this also the case of your implementation?
Alix Axel  2010-05-01 15:39:14
@Alix: I see. Have you checked to see any differences in the raw content (the email header + body) between the one that you send and the one that `mail()` sent and then maybe try to make yours the same? Or even using some free SMTP server application that can be installed in your machine that would allow you to check the whole "conversation" between the sender and the SMTP server (this is as far as I can give any opinion of my own, don't have enough knowledge to advise on how to further debug SMTP issues).
Amry  2010-05-01 15:43:46
@Alix: I believe I stated in my third point that BCC shouldn't be printed as part of the `DATA` command but it should definitely appear in the `RCPT TO` list.
Amry  2010-05-01 15:47:31
Updated the answer (third point) for clarification purpose.
Amry  2010-05-01 15:56:32
@Army: Indeed. I just saw that "bug" after sending my first comment. I'll try that and to track down the differences between my implementation and `mail()` although I believe I read somewhere that `mail()` opens a new SMTP connection for each one of the BCC addresses, kinda pointless after your description. That's one of the reasons I also asked Tom, since he said he reuses the same SMTP connection to send BCCs.
Alix Axel  2010-05-01 15:57:33
@Alix: If I remember right, you will only need to open new connection per receiving SMTP server. If the addresses consist of, for example, [email protected] and [email protected], then definitely there must be a minimum of two connections opened - one for each receiving server.
Amry  2010-05-01 16:03:46
@Alix, No, I specify them in `RCPT TO`.
Tim Post  2010-05-01 16:05:52
@Tim: And they still show up? =( I was kinda hoping @Amry was right.
Alix Axel  2010-05-01 16:09:19
@Army: I got it, I'll try what you said (in a couple of hours) and I'll get back to you. Thanks for the reply!
Alix Axel  2010-05-01 16:14:10
@Alix: Another thing, when you send to two (or more) different servers, then you should also split the `RCPT TO` commands accordingly, i.e you wouldn't want to call `RCPT TO: [email protected]` when you are connecting to the yahoo.com SMTP server.
Amry  2010-05-01 16:23:37
@Army: I know that but thanks for reminding me. I'm coding the whole thing from scratch ATM.
Alix Axel  2010-05-01 16:29:41
@Army: Tried your approach and it works (at least with Gmail).
Alix Axel  2010-05-01 20:09:28
@Alix: Another way to test SMTP without coding first - use telnet to connect to the server on the SMTP port and you can "SMTP chat" with the server and see the result along the way.
Amry  2010-05-01 22:35:56

related questions

IDE suggestions: Eclipse IDE vs. Zend Studio ( confused )
MySQL/Apache Error in PHP MySQL query
Lightweight IDE for Linux
What PHP framework would you choose for a new application and why?
Why is my ternary expression not working?
How can I get at the matches when using preg_replace in PHP?
Mechanisms for tracking DB schema changes
Wordpress theme development offline tools
Using object property as default for method property
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
How do you debug PHP scripts?
PHP Variables passed by value or by reference?
Best way to implement unit testing in PHP
Connect PHP to an AS/400
Best way to access Exchange using PHP?
PHP Session Security
How do I access a remote form in php?
What's the best way to generate a tag cloud from an array? (using h1 through h6 for sizing)
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP
How would you access Object properties from within an object method?
Flat File Databases in PHP
Best way to allow plugins for a PHP application
Latest information on PHP upcoming releases