Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

Why is it so bad to leave the email addresses in an email I forward?

Question:

When forwarding an email, what risks or problems are there when all of the
prior email addresses are included?

Well, first of all, I want you to make sure that you really want to forward
that email. If it’s something that’s pages and pages of email addresses
followed by some content, it sure does feel like it might be an urban legend
that
shouldn’t be forwarded
at all.

But, assuming that the email is something to legitimately forward, it all
boils down to a couple of things:

Spam and privacy.

]]>

Forwards of forwards

The most common situation is an email that’s been forwarded several times:

From: friend1@example.com
Subject: Fw: Cautionary Tale
To: you@example.com, friend2@example.com, friend3@example.com
This is important, be sure to read, and spread the word:
From: someone@example.com
Subject: Fw: Cautionary Tale
To: friend1@example.com, someone_else@example.com, someone_else2@example.com, someone_else3@example.com
From: random@randomisp.com
Subject: Fw: Cautionary Tale
To: a huge long list of email addresses...
Finally, maybe, that "Cautionary Tale".

You get the idea. Before you even get to see the body of the original email, you see a long list of Froms, Tos and often Ccs that include the email addresses and often the names of everyone that the email had been sent to prior to reaching you.

“Think hard two or three times before hitting ‘Forward’. Then think again.”

It goes without saying that it’s at least annoying to have to wade through all of that to get to the meat of the message.

But that’s not the real problem.

Spam

Unfortunately, spammers often get their hands on these emails. Be it via a typo, or having hacked someone’s account, the email lands in the hands of someone whose goal is to send out lots of garbage email in the form of spam.

They don’t care about the message, but they love, love, love all of those forwards that are in it.

Why?

Because it contains a list of known valid email addresses.

To a spammer, that’s gold.

When this happens, all of those email addresses are about to get a lot more spam.

By not removing all of the forwards from the beginning of the message before forwarding it on yourself, you’ve just made it that much more likely that all of those people will get more spam.

Privacy

Whether or not spammers get their hands on the email, the people you forward it to do.

I’ll admit to looking at the forwards or CCs on email like this that I receive to see if there’s anyone I recognize. I haven’t, but I could say, “Hey, that’s so-and-so, and I don’t have an email address for him yet – now I do!”

I don’t do that because, to be honest, it’s kinda creepy. Collecting email addresses from email that someone else forwarded you and failed to clean up like that just seems wrong.

And yet there are people who’ll do exactly that.

By not removing all of the email addresses and headers from the beginning of the message before forwarding it on yourself, you’ve just shared all of those names and email addresses with everyone whom you might send it to, the people that they might forward it to, and the people that those people might forward it to, and so on and so on.

Given all of the concerns about keeping your personal information safe these days, realize that that’s a huge privacy breach that you’re participating in.

Protecting yourself

Naturally, when you forward a message, your email address will at least show up as the From: address. When people subsequently forward that message again without removing the From: line, they’ll be sharing your email address with whomever they send the message to.

Are you still sure that you want to forward that message?

If so, you may want to consider which email address you use. This could be a perfect situation to use a throw-away email address that you don’t care about from a free email provider.

But do realize that whatever email address that you send from it has a very high probability of being inadvertently shared with dozens, if not hundreds, of people you don’t know.

Protecting your friends

You can protect yourself only somewhat by using a throw-away email account, but you can protect your friends, completely:

  • Protect the person who sent it to you and all of the people mentioned in the email headers left in the message by editing the message before you click Send. Remove the From:, Cc:, and whatever other lines make sense at the beginning of the message. In other words, remove all of those email addresses from the body of the message before you send it.

  • Protect the people who you’re forwarding it to by using BCC. Don’t send it To: any of them – send it To: yourself. Don’t Cc: anyone. Use Bcc:, which will send the email to all of those listed there without including their email address in the headers or the body that others might see.

That’s all that it takes. It’s pretty simple, really.

The ultimate protection

Don’t forward crap.

I hate to be that blunt or crass about it, but this problem comes up most often when people are forwarding humor or political rants or urban legends or fake warnings or other … crap.

Sorry, but that’s the right word.

Don’t forward on crap that doesn’t need to be forwarded, and in fact should not be forwarded on at all.

Think hard two or three times before hitting Forward. Then think again. Don’t believe everything that you get and do a little research before deciding what to believe. That, too, is simple and can save you a lot of embarrassment should what your forward turn out to be …

Well, like I said, there’s really no better word for it.

… should what your forward turn out to be crap.

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

18 comments on “Why is it so bad to leave the email addresses in an email I forward?”

  1. Excellent explanation Leo. I wish this could be required reading for everyone with an email account. I will do what I can and show it to offending friends & relatives (I also recommend your newsletter to these same people when I get the chance).

    Reply
  2. Great explanation about forwarding emails, but the one thing all those people who forward emails and remove all the email addresses do is send it to: Joe, Bob, John, Bill, Sally, etc, etc. You get the idea. So every recipient gets everybody elses email address anyway. :-) The simple rule is: If you send any email to more than ONE person you should use BCC for every address. Some email clients make that easier than others, but it’s doable.

    Reply
  3. yet another “Golden” rule to be observed,the more of Leo that i read,i find truly enlightning,as an aside which??? brand of coffee is the best :):)

    Reply
  4. I remember reading an article some time ago that basically recommended using the blind courtesy copy (BCC) function when addressing emails. I will also, more often than not, remove addresses (To: …., etc.) in previously forwarded and the original headers.

    Reply
  5. well, a friend who was overly fond of forwarding everything to everybody didn’t heed warnings about doing so. this past September he called in a panic because his mother, sister, and some members of a church he belonged to began receiving invitations to pornographic adult sites with his name as the sender and his personal recommendation on the “hotness” of the sites. i began getting so many emails that were forged to appear to come from him i had to block him. these were everything from auto insurance to male enhancement products, Mexican and canadian pharmacies, life insurance, – everything under the sun. i was thankful i had never given him my ISP conneceted email and only given him my Yahoo address. if there was a good thing it was i got to tell him “i told you so!”

    Reply
  6. What is the best (quickest) way to eliminate forwarding the listed email addresses?
    Joe L

    Don’t list them – remove them as suggested by the article. It’s the only way.

    Leo
    14-Oct-2011
    Reply
  7. I have the suspicion that most of these “forward to everyone” chains are started by spammers precisely to collect addresses. A good rule of thumb is not to forward anything that you do not check yourself. Most of them are so idiotic that you can tell they are false. For example, those promising remuneration for forwarding the eMail.

    Reply
  8. I always do a check on Snopes.com before I forward anything along. If it is fake, etc, I reply back to the sender and send them a link to the page and ask them to check out the information before sending it along. Almost all thank me for the information. And I notice that I do not get any more of these forwarded emails. Either they dropped me from their list (bonus for me) or they do research and stop sending out these long emails (bonus for me and others).

    Sometimes, polite corrections can help in a large way.

    My experience has been the other way – I’ve received some very angry replies when I politely pointed out that what was being forwarded wasn’t true. As a result I no longer reply, I simply mark that sender’s email as spam.

    Leo
    15-Oct-2011
    Reply
  9. Even telling friends not to include addresses of others when forwarding messages, still, some friends continue to send messages with all addresses that will be shown, it’s as if they were showing off to me of how friends they have. I say who gives a Crap!!

    Reply
  10. I check out the weird stuff some of them send with Snopes. They always say verified by Snopes, but generally who ever passed it along never read down. You have to read the whole thing on Snopes, they tell you at the end of the article not the beginning. 99.9% of that stuff is trashed.

    Reply
  11. “My experience was the other way…”
    Leo- Ditto here! Also, I can’t seem to get some people to STOP using cc with 100 names. I even sent the link to your topic previously on this item.
    The woman said she was an IT with a large co. previously. She said that she still didn’t think it was wrong…gee whiz

    Reply
  12. I tend to get a lot of warnings/urban legends. If it’s from family, I will occasionally check into it, and send back a response. Most of the time, I just ignore it.

    Sometimes I get the email from business acquaintances – frequently people that I haven’t had email contact for a substantial amount of time. In these cases, it’s almost always a forward full of other email addresses, and the person also sent it To: what seems like everyone in their address book.

    In these cases, I am tempted to take the following procedure (although I haven’t done it – yet).

    1 – forward the message to a throwaway account.
    2 – compose a response explaining why the warning is a bunch of hooey, including sources and citations if available, plus my own keen insights.
    3 – include a warning that when they just forward messages without removing the previous lists, plus send it To: their entire contact list, they then potentially deliver all those email addresses to a spammer
    4 – send the response back to the person that sent the message to me, along with every email address that I was able to harvest out of the warning.

    Of course, at this point I am pretty much becoming a spammer.

    Why would I do this? Because even if I send a well-written rebuttal to the person that sent it to me, and the light bulb turns on in their head, I doubt they are going to re-forward my response to everyone that they sent the first message to. And even if they do, those people aren’t likely to send it out to their lists saying “I was wrong to forward this to you…”.

    It’s all about educating the masses – even if they don’t know they need to be educated, or don’t want to be educated.

    Like I said, I haven’t done it yet – just been really tempted.

    Reply
  13. In addition to using BCC to forward messages (after verifying the accuracy of the information), best to forward only from the page that has the message and not the one (or more) page(s) that precede it.

    I have found that many, through laziness or not understanding how to do it, merely hit “Fwd” and send it on. This makes several layers even worse.

    And it doesn’t take much to block-delete previous addressees if folks would just take a minute or so to do it.

    I also have a jpeg that I sometimes include in my response or forwarding that emphasizes that use of BCC and deleting previous recipients is a valuable tool in preventing spammers and malicious use of email addresses. Sometimes the “hint” is taken — sometimes not (alas).

    Reply
  14. I send emails to a contact group. I include myself in the group. I notice that everybody I send the message to is shown in the ‘sent’ box. How do I avoid this? I am familiar with the Bcc function but I am looking for a one-touch-sends-a
    all that does not show the other recipients of the mail.

    Reply
  15. @Tim
    That depends on which email program you are using. You’d have to find one which allows you to include the group name in the BCC field. For example in the Thunderbird address book, you can create a list and drag the desired names to that list to create the group. Then, when composing the email, click on the To: button and change it to Bcc: and type the name of the list you’ve created and you should be good to go.

    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.