Have you ever received a mass email sent to dozens of addresses, with your email address in the To or CC field? Maybe that email was sent to a group of people you know, or maybe it was sent to a group of strangers.
How did you feel about your email address being shared with everyone else? Maybe you were upset, or maybe you never thought about it. I’d like to tell you why this is a privacy issue you should care about, and what you can do about it.
When a person receives an email that has multiple email addresses in the To or CC field, they can see everyone the email was sent to. Why does that matter? Most people won’t do anything with those addresses.
Well, some people might be curious, or nosy, and look into who received the email. They may even do some online snooping to find details about the other recipients on social media or elsewhere online. In rare cases, someone may target one of the other recipients in the form of harassing, threatening, hacking, or scamming.
A malicious person doesn’t need to move against the owner of the email address right away; they can save the email address to target at any point in the future.
It’s not only humans who can act against the owners of the revealed email addresses. Malware can search a computer or mobile device for email addresses. When it finds an email with a long list of addresses in the To or CC fields, it can harvest them. It can then send spam or malicious emails to those addresses, or save those addresses to be the target of hacking, scamming, identity theft, etc.
Unfortunately, the revealed email addresses don’t necessarily stop with the recipients. Any one of the recipients can forward the email, and the email addresses of all the other recipients will be forwarded along with the email. I’ve been forwarded many emails that include long lists of email addresses, some of which appear to be internal company addresses which aren’t intended for use outside the company.
How to Increase Privacy & Security
Maybe you’ve noticed that when you send an email, you can put addresses in the To field, the CC field, or the BCC field.
The To field is for recipients whom you want to read and possibly act on your email.
The CC (Carbon Copy) field is for recipients whom you want to read your email to be aware of it, but you’re not asking them to act on it.
The BCC (Blind Carbon Copy) field is for recipients whom you want to read your email and possibly act on it, but you want to keep the recipients a secret. Recipients will not be able to see who else received the email.
BCC is the field that protects privacy. Using it respects the privacy of recipients.
Take responsibility for your own emailing. Make it a habit to use BCC whenever you’re sending to multiple addresses where the recipients don’t already know each other, or to any large group, even when the recipients know each other.
If you don’t see the BCC field, you may need to click or tap to reveal it. Look near the To field. Some email programs will let you leave the To field blank if you put addresses in BCC. If yours doesn’t, put your own address in the To field.
Once you’ve dealt with emails you send, turn your attention to emails you receive. Politely ask others to use BCC. I send something like this:
[Name], thank you for sending this to me. For mass emails like this, please put the recipients in the BCC field rather than the To or CC field, to protect the privacy and security of recipients. Here’s an article that tells more about this, if you’re interested.
It’s polite and short, not overwhelming. If the person is interested in learning more, they can.
One other benefit of BCC is that people can’t Reply All to everyone else who received the email, deliberately or accidentally. I’m sure you’ve been annoyed when people do that!
Using BCC whenever possible reduces invasions of privacy and limits the spread of malware. It’s proper email etiquette. Do your part, and encourage others to do the same!
- Using the Blind Carbon Copy (BCC) Feature in Email (pitt.edu)
- What BCC Is, and Why You’re a Terrible Person If You Don’t Use It (howtogeek.com)
- Benefits of BCC (us-cert.gov)
- BCC for Privacy! (rutgers.edu)
What You Should Do
- Use BCC whenever you’re sending to multiple addresses where the recipients don’t already know each other.
- Use BCC whenever you’re sending to any large group, even when the recipients know each other.
- Politely ask others to use BCC for mass emails.