“Undisclosed recipients” is often placed in the “To:” line by email programs when the message being sent has no entries in the “To:” or “Cc:” lines. The sender has used the “Bcc:” feature of email to send the email to one or more people without revealing who they are.
So, how do you find out who they are?
Become a Patron of Ask Leo! and go ad-free!
The idea behind the BCC feature of email is simply this: when sending an email to someone (say a customer), you also want to send a copy of that email to someone else (perhaps your boss) without that being evident on the outgoing email. Adding that someone to either the “To:” or “Cc:” lines would be obvious: they’d be listed in the email that’s sent to the original recipient.
BCC simply sends the email to someone without their name being on the email at all. That’s what “blind” is all about: you can’t see that they’ve been sent the email. In fact, recipients of the email can’t tell whether anyone was BCC’ed or not. The information simply isn’t included in the email message.
Normally, BCC is intended to be used in addition to whomever is addressed on the “To:” or “Cc:” lines, but that’s not a requirement. It is quite possible to send an email message with only BCC’ed recipients. As a result, there’s nothing to place into the “To:” or “Cc:” lines.
When that happens, some email programs automatically put the phrase “undisclosed recipients” (or something similar) in the “To:” line to indicate that this was on purpose: the email was sent to one or more people without revealing who they are.
Disclosing undisclosed recipients
This brings us back to the original question: how do you find out who the email was sent to?
That’s the whole point of BCC. That’s what “undisclosed” means. The information about who the email was sent to is not included in the email. There is simply no way of determining if it was sent to anyone else, and if so, who.
Once upon a time…
There were email programs that got the whole concept of Bcc: and undisclosed recipients wrong. They included the BCC’ed recipients in normally hidden headers that anyone could read if they knew how. But that was a serious bug and has long since been resolved.
Similarly, it’s conceivable that corporate email systems could also somehow expose BCC’ed recipients, but these are systems where everyone is on the same email system, so the email does not travel across internet email servers.
In practice, though, today’s email programs simply don’t disclose undisclosed recipients.
It would be wrong to do so.
If you found this article helpful, I'm sure you'll also love Confident Computing! My weekly email newsletter is full of articles that help you solve problems, stay safe, and give you more confidence with technology. Subscribe now and I'll see you there soon,