PDA

View Full Version : Tracing BCC



matrix4444
11-28-2005, 10:19 PM
Hi there,

i would like to know, is it possible to trace the bcc (blind corbon copy) for the incoming mail. it is because, recently one of my friend claimed, he can do it. he did prove it so i'm just wondering as how does he did. perharps you guys can help me to clear my doubt

Thanks
PS :banghead:

TonyJollans
11-29-2005, 01:06 AM
I'm not sure exactly what you mean but only two people know about bcc recipients - the sender and the blind recipient. It is not possible for a third party to even find out if there are any bcc recipients, let alone trace them.

I don't know what 'proof' you've seen, but If I send your friend an e-mail (no tricks - just a straightforward e-mail) and bcc it to someone else he will not be able to tell you who I bcc'ed it to, period. I'm not an e-mail expert but I'm confident of that.

At least that is the case if normal e-mail clients are used. There are a variety of fairly clever e-mail tracking systems out there most of which use some sort of forwarding and it may be possible if the sender has used an untrustworthy service provider for something like that.

Killian
11-29-2005, 03:32 AM
Hi there

I'm a little confused... you ask if something is possible, then say it is. You know someone who knows how to do it but you ask the question here instead. Is this a test? :think:

Well, I the interest of "clearing your doubt", here's an opinion:

In theory, it should not be possible.
How it should work... All email fields are included in the header information, when a copy is sent from the source server, certain field info, including all the bcc's, is stripped from the header - they are simply not included in the mail.

Reality, however, has at least two mitigating circumstances:
Incompetent programming e.g. M$ Outlook Express 6 which shipped with a bug where if a message was split (a multipart message) all the header info was included for all recipients in all parts.
Questionable design e.g. Pegasus Mail includes the bcc's in the header by default - you have to go to tools>options and chack a box to switch that off.

If the info is in the header, anyone can find it by simply opening the mail with a text editor. If it isn't, there's no secret place to look unless you can access the mail servers, which is another matter entirely.

matrix4444
11-29-2005, 05:32 PM
Hi Tony and killian

Thanks for the quick response. Let me explain the scenario to you guys. I have sent a mail to 'A' and cc to 'B'. At the same time, I have bcc to 'C'. The 'A' have told me that I have dropped a blind carbon copy to 'C' ....brilliant . I did ask the 'A' as how does he know and what is the secret but he did not want to share his idea. As far as i know, the blind carbon copy (bcc) can't trace by using microsoft outlook software. It is not possible. perhaps as you told the service provider might assist him.

Hi killian ....could you kindly explain much more about "access the mail server" what else can be done by accessing the server. i believe the 'A' might seek for server administrator help to perform some tracing action.

Thank you for the pervious feedback, i'm quite curious to know as how does it work because the 'A' is pulling my leg by saying microsoft outlook 2003 has such feature to trace.


PS :dunno

fumei
11-30-2005, 02:28 AM
Accessing the mail server means you have direct access to the packets themselves. ALL mail outbound from a mail server has packets - if it has related "links" to an originating message (cc, bcc), or not, means nothing. If it is using SMTP (Simple Mail Transfer Protocol) it is using standard packets.

In theory - well, actually, in practice - you COULD check all packets looking for ones originating from the same source. You COULD then line up the ones originating with the same (or very close) timestamp. However, that would not PROVE that "X" series of packets was a bcc of "Z" series of packets. Maybe same timestamp, and same source, but not proved it was a bcc.

"A" is pulling your leg. Actually, unless "A" is very very clever, "A" is full of crap. And if he IS that clever he should be working for the NSA.

Microsquish is well aware of the litigatiousness of such a hole. Mind you their software IS full of holes, but that one would be so darn big that to say it is a "feature" of Outlook is laughable.

To repeat - "A" is full of it.

Killian
11-30-2005, 04:16 AM
Outlook doesn't have a feature to "trace" bcc's. If the information isn't in the Mail's header information, the Outlook client can't find it.
The original request from B is sent to the mail server which then distributes it. This, of course, contains ALL the information - so a mail server admin can accesss that copy (or the mail server log to see what mails have been sent where).

TonyJollans
11-30-2005, 05:15 AM
Does 'A' know 'C' - or have access to 'C's mail?

Brandtrock
12-02-2005, 12:56 PM
Along the lines of Tony's last question, in a business environment it is not unlikely that supervisors can see their subordinates e-mails. This may be how A is getting the info.


HTH

matrix4444
12-07-2005, 07:47 PM
Hi guys,



After a couple of days with forum members assist. I have manage to get the answer as how the ?A? able to trace the BCC. As what as told in the previous post, it is absolutely right, Outlook 2003 does not have such feature?(Impossible).



Let me explain the incident as how the ?A? got the answer (trace BCC). All this event was happen in my working place. ?C? is one of the working partners of mine, which does not have working relation with ?A? (working at same place but different department).



Unfortunate day was came toward ?A? some confidential mail was spreading internal and external as well. The ?A? is a manager and he uses his authority to trace the mailing address with network/server engineer assist. During the process, they have noted I have sent a blind copy. It is a coincident trace, because the mail that they looking for is not mine. It seems they want to catch a mermaid; unfortunately a fish has been caught together.





Thank for the forum member to give me some idea



PS :beerchug:

Howard Kaikow
12-07-2005, 10:33 PM
Hi guys,



After a couple of days with forum members assist. I have manage to get the answer as how the ?A? able to trace the BCC. As what as told in the previous post, it is absolutely right, Outlook 2003 does not have such feature?(Impossible).



Let me explain the incident as how the ?A? got the answer (trace BCC). All this event was happen in my working place. ?C? is one of the working partners of mine, which does not have working relation with ?A? (working at same place but different department).



Unfortunate day was came toward ?A? some confidential mail was spreading internal and external as well. The ?A? is a manager and he uses his authority to trace the mailing address with network/server engineer assist. During the process, they have noted I have sent a blind copy. It is a coincident trace, because the mail that they looking for is not mine. It seems they want to catch a mermaid; unfortunately a fish has been caught together.





Thank for the forum member to give me some idea



PS :beerchug:

If the sender and the recipuent are using the same mail server, maybe there's a way to track Bcc on the server.

But there's no way for a recipient to determine who, other than themself, was Bcc-ed.

matrix4444
12-07-2005, 11:04 PM
Hi Howard kaikow,



Thank for the response, as for your info, we are using the same server to send or receive mail. Possibility to get knows BCC profile is in higher chance in my company. It is because; our mail addresses always begins with our name then follow by @xx.xxx.xxx. Rather than that, a general particular will be show such, name, department, speed dial & designation if the person click the ?properties command?





PS :friends:

TonyJollans
12-08-2005, 01:13 AM
The ?A? is a manager and he uses his authority to trace the mailing address with network/server engineer assist.

Yes, the information is recorded on the server. 'A' couldn't find out as a recipient of the mail. He found out because he had enough authority to check the server.