A situation thats come to my attention a couple of times recently strikes me as well, important, for anyone that either:

a) Receives email from people who don't know how to use BCC instead of Open CC (that'd be most of us), or

b) Receives their email care of the POP3 plugin for Microsoft Exchange.

The Microsoft Knowledge Base Article on the subject explains it well enough for most technical users. However I get the impression that a lot of people don't understand the circumstance that creates this particular 'problem'.

The Problem is evidenced by a LARGE number of repeat emails being delivered to one or a group of people, Where the group of people were all recipients of the original, that was sent to all of those recipients via Open TO: or CC: fields.

For those who don't understand what the pop3 connector does... heres an explaination:

Email is delivered using the SMTP protocol. It is 'pushed' from the sending mail server to the destination mail server based on the advertised MX record in the DNS. For example:





;; ANSWER SECTION:

paradise.net.nz. 1286 IN MX 20 smtp.paradise.net.nz.

paradise.net.nz. 1286 IN MX 10 pop3.paradise.net.nz.





In this example paradise have two MX's, which have differing priorities. The priority is set by the number next to the host, and the lowest number has the highest priority. To use this example, email to any-valid-user who has @paradise.net.nz in their address, will be delivered by your smtp server to 'pop3.paradise.net.nz'. If this fails, it'll try the next highest number present - smtp.paradise.net.nz.

For businesses who want to run their own email in-house - MS Exchange seems to be a common choice. Obviously it has a lot of features that lend themselves to the business environment - address books, calendars etc which can be shared, and so on. So its not necessarily a bad business idea.

Therefore company may then choose to host their own mail server capable of running SMTP service. To do this they need a permanent internet connection, and a fixed or static IP address. Many ISPs sell this sort of connectivity, the most basic of which is a static IP dialup, or a Jetstream ADSL line with Static IP assigned (as the Primary MX that appears in the DNS has to map to a fixed IP address). This introduces a couple of problems.:



• (Dialup) - the cost of being dialed up 24/7. (4c/minute from an NZ business line)
• 
  (Jetstream) - The cost of bandwidth after exceeding your monthly limit on a business plan.

• Both also have the overhead of a potential fee for static IP service.





The POP3 system is seen as a way of avoiding most of the above while keeping most of the functionality of your Exchange server.

• Your ISP is the advertised MX, not your office-based fixed IP connection (or not).
  
• They receive the email for your domain and deliver it to a 'pop3 wildcard' - a mailbox configured to accept all email, regardless of destination address, if it is @yourdomain.
  
• Your exchange server connects to that mailbox using the pop3 protocol - exactly as if you were using MS Outlook or similar to talk to an ordinary, client side, blah@paradise mail address.





ADVANTAGES:



• The mail is pushed to your ISP - its their bandwidth in use, and their systems that need to be available 24/7.
  
• If they have spam or virus filtering server side, you can take full advantage. The mail isn't bypassing their network in order to be delivered to yours.
  
• The mail is pulled down to your exchange server by the pop3 connector and distributed to individual user accounts based on the TO: or CC: information present in the headers.





DISADVANTAGES:



• Blind Carbon Copy or Mailing Lists where the end recipient is Implied not explicitly defined in the header - won't get to its target mailbox. The POP3 plugin can't determine the recipient based on the header - so it'll get forwarded to the postmaster on the box concerned.
  
  
• Introduces reliance on your ISPs systems, which can defeat the point.

Anyway. The Link to the MS Site above includes reference to a patch which (apparently) fixes the problem MUST be downloaded and installed by anyone who intends to run - or is actively running - the pop3 connector. This is the sort of thing that can cause bandwidth blowouts on Jetstream connections that can cost thousands of dollars - nevermind the impact on the sender of the message, who sent 1 message and had no idea your mail server was waiting to spawn 10,000 copies.

That said, the sender is still partially (maybe 10%) responsible. The other way to prevent this from happening is to use BLIND CARBON COPY (BCC). This hides the recipient list so that the buggy server can't then redeliver to it. It also hides the recipient list from likely spam harvesters, and is considered good netiquette as a result. Failing to use BCC can also construe a breach of ISP Terms and Conditions in many cases. If you need to put someone in the TO: box to make it work - put yourself! Everyone on your recipient list knows who you are already!

When I first discovered this issue I found very little online documentation about the problem. I hope this article improves that situation and helps others - feed me back (webmaster@ my domain) if this is useful or should be improved.

Cheers. :-)