The RFC822 headers (From, To, Cc, Bcc) are a fiction. In the real world you can telnet to port 25, give a list of envelope recipients, and then type anything you want in the From, To and Cc fields.

Anyway, in normal, non-port-25-forgery usage the envelope recipients match the addition of the To, Cc + Bcc, and the Bcc header is removed, then the envelope recipients are communicated to the mail hub. The mail hub however then delivers the mails onwards and, if multiple recipients are at the same domain, may deliver them individually or as a group.

As you can't control what the mail hub does, defensively you have to deliver Bcc recipients separately and individually with a stamp for them, and the other recipients as a single group. Otherwise, as you observed, the X-Hashcash headers blow the privacy of the Bcc recipients.

I believe that's what hashcash-sendmail does. Kind of complex but there you are.

The problem with using the From address (I think most/all of the current clients don't do that) is that it's not unique to the recipient. So a spammer could create one spam and send it to millions of people and they'd all think the stamp looked valid and they hadn't seen it before.

Adam

On Wed, Mar 23, 2011 at 03:24:17PM -0600, Aaron Toponce wrote:
I've built a Python script for Mutt that mints tokens based on the addresses in the To: and Cc: fields. However, how does hashcash handle Bcc: or envelope recipients? By putting a token for each recipient in the header, the addresses of those recipients would be revealed, thus defeating the whole point.

I've thought about minting a token with a resource of "bcc-recipients", and placing that token in the headers, but then that reveals that there have been Bcc: recipients added to the mail. I believe the whole point of Bcc: is to be completely transparent, not revealing to anyone that they exist.

So, I'm guessing that it's probably best to just ignore Bcc: and envelope recipients in general. I guess I could mint a token for the From: address (is this what I should be doing anyway?), but then that begs the question of why not just mint a token using the From: address only, and not worry about the To: and Cc: addresses?

Am I missing something?
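
The delivery split described in the reply above, as an added Python sketch that is not part of the original thread and is not hashcash-sendmail's code: To and Cc recipients share one copy carrying all their stamps, and each Bcc recipient gets a separate copy carrying only their own stamp. The function names, the `example.org`/`example.net` addresses and the 12-bit demo difficulty are assumptions made for the example; the stamp layout follows hashcash version 1.

```python
import hashlib, secrets, time

def zero_bits(stamp: str) -> int:
    """Leading zero bits of SHA-1(stamp), the hashcash v1 work measure."""
    digest = hashlib.sha1(stamp.encode()).digest()
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def mint(resource: str, bits: int = 12) -> str:
    """Mint a v1 stamp: 1:bits:date:resource:ext:rand:counter.
    12 bits keeps the demo fast; it is not a deployment value."""
    date = time.strftime("%y%m%d", time.gmtime())
    prefix = f"1:{bits}:{date}:{resource}::{secrets.token_hex(8)}:"
    counter = 0
    while zero_bits(prefix + format(counter, "x")) < bits:
        counter += 1
    return prefix + format(counter, "x")

def valid_for(stamp: str, recipient: str, bits: int = 12) -> bool:
    """Recipient-side check: the stamp must name this recipient as resource.
    A full verifier also checks the date and a double-spend database."""
    f = stamp.split(":")
    if len(f) != 7 or f[0] != "1" or not f[1].isdigit():
        return False
    if f[3].lower() != recipient.lower() or int(f[1]) < bits:
        return False
    return zero_bits(stamp) >= int(f[1])

def plan_deliveries(to, cc, bcc, bits=12):
    """Return [(envelope_recipients, x_hashcash_stamps), ...]."""
    visible = list(dict.fromkeys(to + cc))  # de-duplicate, keep order
    plan = []
    if visible:  # To and Cc go out as one group with all their stamps
        plan.append((visible, [mint(a, bits) for a in visible]))
    for addr in dict.fromkeys(bcc):  # one separate copy per Bcc recipient
        # Assumption: a Bcc copy carries only that recipient's stamp.
        plan.append(([addr], [mint(addr, bits)]))
    return plan

if __name__ == "__main__":
    # Constructed sample addresses.
    for rcpts, stamps in plan_deliveries(["a@example.org"], ["b@example.org"],
                                         ["c@example.net"]):
        print("RCPT TO:", rcpts)
        for s in stamps:
            print("  X-Hashcash:", s)
```

`valid_for` also shows the From-address problem raised in the reply: a stamp whose resource is the sender's address does not verify for any particular recipient, so a recipient-side check rejects it.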