When forwarding an email, what risks or problems are there when all of the
prior email addresses are included?
Well, first of all, I want you to make sure that you really want to forward
that email. If it’s something that’s pages and pages of email addresses
followed by some content, it sure does feel like it might be an urban legend
shouldn’t be forwarded at all.
But, assuming that the email is something to legitimately forward, it all
boils down to a couple of things:
Spam and privacy.
Forwards of forwards
The most common situation is an email that’s been forwarded several times:
From: firstname.lastname@example.org Subject: Fw: Cautionary Tale To: email@example.com, firstname.lastname@example.org, email@example.com This is important, be sure to read, and spread the word: From: firstname.lastname@example.org Subject: Fw: Cautionary Tale To: email@example.com, firstname.lastname@example.org, email@example.com, firstname.lastname@example.org From: email@example.com Subject: Fw: Cautionary Tale To: a huge long list of email addresses... Finally, maybe, that "Cautionary Tale".
You get the idea. Before you even get to see the body of the original email, you see a long list of Froms, Tos and often Ccs that include the email addresses and often the names of everyone that the email had been sent to prior to reaching you.
It goes without saying that it’s at least annoying to have to wade through all of that to get to the meat of the message.
But that’s not the real problem.
Unfortunately, spammers often get their hands on these emails. Be it via a typo, or having hacked someone’s account, the email lands in the hands of someone whose goal is to send out lots of garbage email in the form of spam.
They don’t care about the message, but they love, love, love all of those forwards that are in it.
Because it contains a list of known valid email addresses.
To a spammer, that’s gold.
When this happens, all of those email addresses are about to get a lot more spam.
By not removing all of the forwards from the beginning of the message before forwarding it on yourself, you’ve just made it that much more likely that all of those people will get more spam.
Whether or not spammers get their hands on the email, the people you forward it to do.
I’ll admit to looking at the forwards or CCs on email like this that I receive to see if there’s anyone I recognize. I haven’t, but I could say, “Hey, that’s so-and-so, and I don’t have an email address for him yet – now I do!”
I don’t do that because, to be honest, it’s kinda creepy. Collecting email addresses from email that someone else forwarded you and failed to clean up like that just seems wrong.
And yet there are people who’ll do exactly that.
By not removing all of the email addresses and headers from the beginning of the message before forwarding it on yourself, you’ve just shared all of those names and email addresses with everyone whom you might send it to, the people that they might forward it to, and the people that those people might forward it to, and so on and so on.
Given all of the concerns about keeping your personal information safe these days, realize that that’s a huge privacy breach that you’re participating in.
Naturally, when you forward a message, your email address will at least show up as the From: address. When people subsequently forward that message again without removing the From: line, they’ll be sharing your email address with whomever they send the message to.
Are you still sure that you want to forward that message?
If so, you may want to consider which email address you use. This could be a perfect situation to use a throw-away email address that you don’t care about from a free email provider.
But do realize that whatever email address that you send from it has a very high probability of being inadvertently shared with dozens, if not hundreds, of people you don’t know.
Protecting your friends
You can protect yourself only somewhat by using a throw-away email account, but you can protect your friends, completely:
Protect the person who sent it to you and all of the people mentioned in the email headers left in the message by editing the message before you click Send. Remove the From:, Cc:, and whatever other lines make sense at the beginning of the message. In other words, remove all of those email addresses from the body of the message before you send it.
Protect the people who you’re forwarding it to by using BCC. Don’t send it To: any of them – send it To: yourself. Don’t Cc: anyone. Use Bcc:, which will send the email to all of those listed there without including their email address in the headers or the body that others might see.
That’s all that it takes. It’s pretty simple, really.
The ultimate protection
Don’t forward crap.
I hate to be that blunt or crass about it, but this problem comes up most often when people are forwarding humor or political rants or urban legends or fake warnings or other … crap.
Sorry, but that’s the right word.
Don’t forward on crap that doesn’t need to be forwarded, and in fact should not be forwarded on at all.
Think hard two or three times before hitting Forward. Then think again. Don’t believe everything that you get and do a little research before deciding what to believe. That, too, is simple and can save you a lot of embarrassment should what your forward turn out to be …
Well, like I said, there’s really no better word for it.
… should what your forward turn out to be crap.