Have you ever BCCed someone on an email so that you can secretly keep them in the loop without the other recipients knowing? Here’s why it is a dangerous practice and what you should do instead.
What is BCC (for those who haven’t used it before)
When you send out an email you can add recipients email addresses to the To, CC or BCC fields. CC stands for carbon copy and is a term that comes from when we used typewriters and used carbon paper to make copies of letters to send to extra people.
BCC stands for Blind Carbon Copy.
Normally when you send an email, recipients can see who else received the email because they can see the To and CC fields. But they cannot see the BCC field which means that if you BCC someone on an email, the other people who received the same email will not know.
Why might you use BCC?
- To send a copy of the email to yourself so that you get it in your Inbox as an action item.
- To send a copy to your Gmail account etc. for archiving.
- To secretly inform someone about an email conversation
When not use to BCC?
When you are using a large mailing list: Using BCC is a great option when you are sending mass emails where you do not want to expose other recipients’ email addresses. You also prevent a long list of email addresses from showing above the email content which can be distracting.
EmailMerge for Outlook is an ideal tool to send mass personalized emails. No need to BCC everyone. Using a tool like EmailMerge for Outlook allows you to send emails to multiple recipients without disclosing their email addresses.
For emails that don’t require a response: When you are sending emails which are impersonal in nature like business announcements or product updates, it is suitable to use BCC.
When copying up: Normally when someone makes a mistake at work, you may CC your boss or superior to make them look bad. It’s even a bigger problem when you use BCC. It’s just unprofessional. Don’t use BCC to copy the boss to get another co-worker in trouble.
Is it unprofessional to use BCC?
If your goal is to protect the personal information (email addresses) of your contacts private, then yes using BCC is justifiable. If however, you are using BCC as a way to allow someone to digitally eavesdrop, then this lack of transparency can be unethical. For example, you secretly add your team manager to the email without the other recipient’s knowledge. If other recipients find out that you secretly added the team manager, this can undermine trust.
Such behavior can hurt your personal brand and people will see you as a tattletale.
What is the danger of using BCC?
If you used BCC to keep a recipient hidden from others, imagine what would happen if the hidden recipient did a reply-to-all!
Suddenly the other recipients would be aware that you had been using BCC and depending on the nature of the email conversation, this may be viewed as dishonest or sneaky.
What you can do instead of using BCC
Instead of using BCC, I recommend that you send the email out to the main recipients only using the To and CC fields. Then FORWARD the sent email to anyone else who you need to inform.
Now even if the secret recipient does a Reply-to-All, it only comes back to you.
How to avoid accidental Reply-to-Alls yourself
If you or others in your organization are dealing with confidential information that you are BCCed on, you might want to also look at SendGuard for Outlook to avoid doing an accident Reply-to-all yourself!
SendGuard is a Governance, Risk and Compliance solution for your outbound emails. It has special filters that check emails as you respond to them and as they are sent out.
A special prompt will warn you and ask for confirmation if you reply to an email on which you have been BCCed.
SendGuard will prompt you with the following notification when you hit Reply-all.
This can avoid the accidental disclosure to other recipients that we referred to earlier.
The following screenshot shows some of SendGuard’s most powerful features.
SendGuard is transactable on Microsoft Azure Marketplace, meaning if you are a Microsoft customer you can now directly purchase SendGuard from the marketplace as well since it streamlines the buying process.
To find out how SendGuard can help you meet your organization’s security needs, contact our sales team for a demo on firstname.lastname@example.org.
Editors Note: This post has been updated for accuracy and comprehensiveness.
Image by pressfoto on Freepik
6 Replies to “Why you should NOT use BCC for secret communications”
Another very important reason not to use BCC is that the blind copy remains in the meta data. In a commercial situation, producing emails electronically will show the blind copies and may raise issues as to other “targets.”
I use BCC to send emails to a large list of friends (about 350), but don’t want to disclosure their email addresses to all of them.
When of them reply to all, the other email addresses remain in the BCC?
Correct Germán. That is another useful purpose of bcc and you are right – if one of the bcc recepients does Reply All – they will only reply to the sender or anyone else that is not in the Bcc list. Others in the Bcc list will not be replied to.
When all addresses are in the Bcc, a Reply-to-All will only address the original sender. You do not see the other Bcc addresses as they are not available in the header, so a Reply-to-All can never disclose the other addresses.
The reply-to-all issue only applies to To and Cc addresses.
So what Salgar says is a usefull way to use Bcc.
Was tempted to do that just now. Got a mail from a tv show host about being selected for an audition and i was bcc’d…want to find out how many of us were picked.
If I BCC my boss an email I’m sending to a coworker, and the coworker responds to me, my boss can see that reply, right?