Spammers love CC, hate BCC

Transient

Spam, spam, spam: don’t you just hate it? It’s interesting to see that spammers net very little, estimated at $200 million, but coping with their activities costs the economy no less than $20 billion.

One of the easiest ways to get spammed is inadvertently to open one of those phishing links you get sent from time to time. But, with a bit of self-discipline, you can avoid falling into the trap. What you cannot overcome is your friends’ and contacts’ prodigal use of your email address.[1]

This manifests itself in the excessive and exclusive use of the CC field in emails. Every time I get an email with a long list of CCs, including my own, I know that I am vulnerable. It takes only one of the recipients to get their email hacked, or, even, for the mail to get into the wrong hands, and bingo: Spam heaven.

Use of CC in such circumstances is one thing that really raises my hackles. Only yesterday I received an email which had been addressed to all the apartments in my complex. Not only did I have everyone else’s email address, but without a shadow of a doubt one of my neighbours will soon be hacked and all spam will be let loose.

I replied, but first I ctrl-X’d all the addresses in the CC field and ctrl-V’d them into the BCC (blind copy) field. That’s where they should have been in the first place. All of us would have received a personal email with no obvious links to neighbours.

The CC (carbon copy) field has its uses, of course, but it should be used sparingly, very sparingly indeed. Of course, my neighbours might argue that CC was the better choice, thus enabling replies to go to all original recipients. But I think security should take precedence over convenience.

Why is it that so many people find this basic security precaution so difficult to implement?


  1. The worst offenders, without doubt, are friends who send jokes and bits of trivia that they absolutely must share. Unfortunately, these are the very people who are so unaware of security implications that their Hotmail and Yahoo accounts get hacked regularly and all their contacts, including my address, are laid bare to spammers.  ↩