domodwyer / mailyak

An elegant MIME/SMTP email library with support for attachments

All Bcc addresses are visible by all bcc recipients

t00f opened this issue · comments

Hi,

I have an issue that I am pretty sure I tested a few months ago. It seems that all recipients that are in bcc fields are able to see all others.

Here is a quick test:

Convey("Given I am able to send an email", t, func() {
	mail := mailyak.New(smtpServer, auth)
	mail.Subject("Hello World")
	mail.Bcc("chris@mycompany.com", "chris@gmail.com") //  2 emails should be sent
	mail.From("someone@mycompany.com")
	mail.FromName("Demo Issue")
	mail.Plain().Set("Content of the email")

	err := mail.Send()
	So(err, ShouldBeNil)  // no error found, email are received
})

I do receive the 2 emails (one on my personal email and one on my company email), but I can see directly who received this email.

Do you have any idea what could go wrong?

thanks,

Chris

commented

Hi @t00f, this is definitely a problem!

Can you tell me a bit more about your setup? Specifically:

  • What SMTP server are you using?
  • What commit of mailyak are you compiling against? (cd into $GOROOT/src/github.com/domodwyer/mailyak and do a git rev-parse HEAD)
  • Does it still happen if you include a "To" address and can the "To" addressee see the BCC addresses?
  • If possible, can you attach a copy of the raw email (including headers) from both the "To" recipient and one of the "BCC" recipients? Feel free to redact anything you consider sensitive, I just want to see what headers make it to the end user.

It might be related to 470790e which should be a safe change, however the RFCs aren't very helpful in this regard:

Some systems may choose to include the text of the "Bcc" field only in the
author(s)'s copy, while others may also include it in the text sent to
all those indicated in the "Bcc" list.
  • RFC2822 offers 3 ways BCC fields could work including this:
In the second case, recipients specified in the "To:" and "Cc:" lines each
are sent a copy of the message with the "Bcc:" line removed as above, but the
recipients on the "Bcc:" line get a separate copy of the message containing a
"Bcc:" line.
  • RFC2821 suggests the BCC header should always be removed by the SMTP server:
Each recipient address from a TO, CC, or BCC header field SHOULD be copied to
a RCPT command (generating multiple message copies if that is required for
queuing or delivery).  This includes any addresses listed in a RFC 822
"group".  Any BCC fields SHOULD then be removed from the headers.

So there's definitely some ambiguity on how BCC should work... My suspicion is on the SMTP server here, it might help trying some alternatives.

Dom

Hi @domodwyer,

Thanks for your prompt reply. I am using smtp.gmail.com:587 as the smtp server with the latest mailyak master (7dd2d12f0bba55a3aad8059d9c43c9b6550d38ee).

I have tried to add a To recipient and got the following results:

  • "To" recipient is able to receive the email and also see the "Bcc" addresses
  • "Bcc" addresses are receiving the email and can see both "Bcc" and "To" recipients in the email.

Please find attached two files:

  • to.txt is the raw email for the "To" recipient
  • bcc.txt is the raw message for one of the "Bcc" recipients

Additional information:

  • "To" recipient is using an "AirMail" client
  • "Bcc" recipients are using a standard MacOS "Mail" client.

Let me know if I can help,

Chris

commented

Hi @t00f - sorry for the delay, I've had a few things on this week.

I think the best course of action is to revert 470790e - this will break using mailyak to generate MIME data to send over the AWS SES API (which is why the change was added).

Mailyak was primarily for sending emails via SMTP and should do so correctly (via multiple RCPT TO calls rather than adding the BCC header which is inconsistently handled) but I understand there's a few people doing the above and would like to cater to both, so I'll add an "opt-in" flag to optionally include the BCC headers.

I'm rather busy with work and writing a talk for a conference, so this could take me a couple days - sorry! I'll try and get it done ASAP though.

Thanks for reporting it!

Dom

commented

Fixed by #15
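
The behaviour discussed in this thread (every recipient goes into the SMTP envelope via RCPT TO, and no Bcc header is written into the message data), as an added example that is not mailyak's code and not the change made in #15. `Message`, `Envelope`, `Data` and `LeakedBcc` are hypothetical names; `LeakedBcc` is a check that can be run against a raw received message such as the attached to.txt and bcc.txt.

```go
package main

import (
	"bytes"
	"fmt"
	"net/mail"
	"strings"
)

// Message is a hypothetical type for this example; it is not mailyak's API.
// Field values are assumed to be validated already (no CR/LF in header values).
type Message struct {
	From, Subject, Body string
	To, Bcc             []string
}

// Envelope lists every address that needs its own SMTP RCPT TO command.
func (m Message) Envelope() []string {
	return append(append([]string{}, m.To...), m.Bcc...)
}

// Data renders what follows the DATA command. No Bcc header is written:
// blind recipients are reached through the envelope only.
func (m Message) Data() []byte {
	var b bytes.Buffer
	fmt.Fprintf(&b, "From: %s\r\n", m.From)
	if len(m.To) > 0 {
		fmt.Fprintf(&b, "To: %s\r\n", strings.Join(m.To, ", "))
	}
	fmt.Fprintf(&b, "Subject: %s\r\n\r\n%s\r\n", m.Subject, m.Body)
	return b.Bytes()
}

// LeakedBcc parses a raw message as a recipient receives it and returns the
// value of its Bcc header ("" when the header is absent).
func LeakedBcc(raw []byte) (string, error) {
	msg, err := mail.ReadMessage(bytes.NewReader(raw))
	if err != nil {
		return "", err
	}
	return msg.Header.Get("Bcc"), nil
}

func main() {
	m := Message{From: "someone@mycompany.com", Subject: "Hello World", Body: "Content of the email",
		Bcc: []string{"chris@mycompany.com", "chris@gmail.com"}}
	leaked, err := LeakedBcc(m.Data())
	fmt.Printf("RCPT TO: %v, Bcc header seen by recipient: %q, err: %v\n", m.Envelope(), leaked, err)
}
```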