In case there is still some lack of clarity … here’s how SMTP works in respect of Bcc.
For simplicity let’s assume that you as the client are not sending out any email as such but instead just handing it to your nearby mail server and that mail server will do the heavy lifting.
The entire set of destination email addresses is sent out twice.
- As part of the SMTP interaction between client and server.
- As part of the email, which is the data payload as far as SMTP is concerned. (The email itself comprises the headers, a blank line, then the content of the email.)
If you are not using Bcc then that’s all there is to it.
If you are using Bcc then there is a difference between the two sets of destination email addresses. The Bcc addresses are omitted from the second set i.e. omitted from the email.
The sending mail client has exclusive responsibility to construct the email. So when it is constructing the headers for the email, it will omit Bcc destination addresses.
One wrinkle with this is that some receiving mail clients will detect the situation that you have received an email even though you are not listed as a recipient in the email (which is how it looks to someone who is a Bcc recipient) and just wedge your email address in to the display of the email, showing you as a Bcc recipient, or indicate that there are undisclosed recipients. However no other specific Bcc recipients can or will show up to you.
Obviously all bets are off once you wander into the proprietary MS world. If Microsoft Exchange is interacting with the non-proprietary world then it will use standard protocols (like SMTP). If Microsoft Exchange is interacting with proprietary clients or other proprietary servers then it could be that none of the above is correct.