Just a heads up:
Bcc mail messages sent via Microsoft accounts (Outlook.com, MSN.com, Hotmai.com, etc.) are arriving to the recipients with all email addresses exposed. The Bcc flag is being ignored completely. We reported this to Microsoft a month ago but they have not acknowledge any server-related issues on their part.
Bcc is working properly when sending messages via Gmail and Yahoo so it is likely a Microsoft server issue but you should look into this to be sure it is not related to your ActiveX plugin. If you are aware of this issue and have a work-around, please email us ASAP.
Thanks for the great products.
Chilkat explicitly keeps the BCC email addresses outside the MIME of the email. In other words, with Chilkat, there is no BCC email header that is added to the MIME. This is often a point of irritation to users because they expect the BCC addresses to be present, but if they were, then they could be exposed. Chilkat takes the safe route to avoid exposing BCC addresses.
When a BCC recipient is added to an email (such as via the email.AddBcc method), it used in the "RCPT TO" part of the SMTP protocol. For example, a sample SMTP protocol session looks like this:
Server Response: 220 www.sample.com ESMTP Postfix Client Sending : HELO domain.com Server Response: 250 Hello domain.com Client Sending : MAIL FROM: <email@example.com> Server Response: 250 Ok Client Sending : RCPT TO: <firstname.lastname@example.org> Server Response: 250 Ok Client Sending : DATA Server Response: 354 End data with <cr><lf>.<cr><lf> Client Sending : Subject: Example Message Client Sending : From: email@example.com Client Sending : To: firstname.lastname@example.org Client Sending : Client Sending : Yo, Client Sending : Client Sending : Sending a test message. Client Sending : Client Sending : Later, Client Sending : Carl Client Sending : . Server Response: 250 Ok: queued as 45334 Client Sending : QUIT Server Response: 221 Bye
The BCC addresses are passed in RCPT TO commands, but are NOT part of the MIME. Therefore, if BCC addresses are getting exposed, it must be that the application code is somehow explicitly adding them to the MIME headers, or the Microsoft SMTP servers are doing something extra to add them to the MIME.