Accepting an invitation sends the message to default Bcc: address too
Categories
(Calendar :: General, defect)
Tracking
(Not tracked)
People
(Reporter: s.p.helma, Unassigned)
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
Steps to reproduce:
I set up a default Bcc: address in Account Settings > [Account] > Copies & Folders > Bcc these email addresses:
I click on "Accept invitation" in the invitation email.
Actual results:
The invitation acceptance message is not only sent to the person sending the invitation, but also to the Bcc: address.
Expected results:
The acceptance message should only be sent to the person inviting me, but not to the Bcc: address. This can be a possible security leak. On the technical side, it is not even logical to send it to anybody other than the host and the invitees.
See also: bug 1577082, bug 1562896
Updated•5 years ago
Comment 1•5 years ago
While I'm surprised that "works", that is what it's supposed to do. It can't be a privacy leak that Thunderbird sent a mail to the bcc you said it should send to.
Comment 2•5 years ago (Reporter)
Please, let's not get distracted by a discussion of whether this is a privacy leak or not (this might be a matter of definition).
May I explain my scenario?
I work for a company where all relevant emails are collected in what we call a "sales inbox". I tend to forget to include this mailbox address in the Bcc: field, so I set it up in "Account Settings > [Account] > Copies & Folders > Bcc these email addresses:" as described. If the email should not go into the sales inbox, I simply delete the address from the Bcc: field.
When I receive an invitation and accept it, this acceptance mail is sent to the sales inbox. I don't have any control over whether it is sent or not. I don't want to send all accepted invitations to the sales inbox where everybody can read them.
Since I cannot delete the Bcc: from the acceptance mail, I considered it a privacy leak. Perhaps there is a better word for it?
Comment hidden (obsolete)
Comment 4•4 years ago (Reporter)
Magnus, it begins to dawn on me why you think this is not a privacy leak: you believe that because I set a default Bcc: address, I must like to have all emails bcc'ed to this address!
I use the default Bcc: address in a different way: for me it is just a reminder to bcc my email to this address. This address is my company's common mailbox. I delete this address if it is not appropriate to send my emails there. I do not bcc all my emails to this address (and definitely do not want my accepted invitations to end up at this address). So not being able to control the Bcc: is a security leak for me.
It might be worth checking whether the invitation is also cc'ed to default Cc: addresses ...
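An added example, not part of the bug report or of Thunderbird's code: a Python check that audits stored copies of sent mail for the behaviour reported above, listing every recipient of an invitation reply (iCalendar `METHOD:REPLY`) who is not the event's ORGANIZER. The sample message and its addresses are constructed, and the check assumes the stored copy retains its Bcc: header.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed sample: an accepted-invitation reply as a stored sent copy.
# All addresses are made up; the Bcc: header is assumed to be retained.
SAMPLE_REPLY = """\
From: attendee@example.com
To: organizer@example.com
Bcc: sales-inbox@example.com
Subject: Accepted: Planning meeting
MIME-Version: 1.0
Content-Type: text/calendar; method=REPLY; charset=UTF-8

BEGIN:VCALENDAR
VERSION:2.0
METHOD:REPLY
BEGIN:VEVENT
UID:constructed-uid-1
ORGANIZER;CN=Organizer:mailto:organizer@example.com
ATTENDEE;PARTSTAT=ACCEPTED:mailto:attendee@example.com
END:VEVENT
END:VCALENDAR
"""

def extra_reply_recipients(raw):
    """Return (header, address) pairs on an invitation reply that are not the ORGANIZER."""
    msg = message_from_string(raw)
    for part in msg.walk():
        if part.get_content_type() != "text/calendar":
            continue
        charset = part.get_content_charset() or "utf-8"
        ical = part.get_payload(decode=True).decode(charset, "replace")
        ical = re.sub(r"\r?\n[ \t]", "", ical)  # undo RFC 5545 line folding
        if not re.search(r"^METHOD:REPLY\s*$", ical, re.I | re.M):
            continue  # requests, cancellations etc. are out of scope
        organizers = {m.lower() for m in re.findall(
            r'^ORGANIZER.*?:mailto:([^\s"]+)\s*$', ical, re.I | re.M)}
        # With no ORGANIZER found, every recipient is reported for manual review.
        return [(hdr, addr.lower())
                for hdr in ("To", "Cc", "Bcc")
                for _, addr in getaddresses(msg.get_all(hdr, []))
                if addr.lower() not in organizers]
    return []  # no calendar reply in this message

if __name__ == "__main__":
    for hdr, addr in extra_reply_recipients(SAMPLE_REPLY):
        print(f"reply also sent via {hdr}: {addr}")
```

The same function covers the default Cc: case raised in the last comment, since Cc recipients are compared against the ORGANIZER in the same way.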