Using and Testing Cc and Bcc in SMTP Protocol

When we were implementing the Bcc testing feature in Mailtrap, we reviewed many frequently asked questions on different forums and platforms like Stackoverflow. How does Bcc work and where is it visible, how does it differ from Cc, where should it be used and where avoided – these are the most popular topics. Before demonstrating how you can test Bcc in your sent messages with Mailtrap, we’ll provide you with the most requested information about Bcc in this short guide. 

The difference between Cc and Bcc in emails

What is Cc?

Cc stands for the carbon copy. So, the names of copies refer to those times when messages were hand-written. Cc is a standard header aimed at notifying the recipients about the content of the message. If addresses specified in the “To” field are primary, those in “Cc” are secondary. Here, email addresses in “To” and “Cc” fields are visible to all message recipients. 


What is Bcc?

Bcc stands for the blind carbon copy. It’s like an additional copy. Email addresses put in the Bcc field are invisible to all other recipients. This way, the one who is Bcc’ed will get a message, will see other direct or copied recipients but will remain unrevealed. Other Bcc’ed recipients won’t be able to see each other as well. That’s why it is frequently used for mass mailing. 

It’s commonly suggested that Bcc is an SMTP header as well. But in fact, it’s not! That’s why Bcc is pretty difficult to test in a non-production environment. 

For a better understanding of how to use Bcc, let’s refer to the basics of SMTP. 

How does Bcc in SMTP work?

SMTP (Simple Mail Transfer Protocol) is dedicated for email transmission. Each email sending activity is an SMTP session. It consists of the commands exchange between an SMTP client – the sender, and the SMTP server – the receiver. The commands are standardized and can be transferred within one of the main groups, or sequences.

MAIL defines the sender of the message and establishes the return address as well. The “From” command refers to MAIL. MAIL is issued once per session, so you can’t send one and the same message from several senders at once.

RCPT settles the recipients of the message. It includes a list of email addresses, which later will be transformed to “To”, “Cc”, and “Bcc” as well. RCPT commands are repeated – they are issued once per each recipient. At this step, there is no difference between primary, secondary, or hidden email receivers. 

DATA determines the content of the message. It includes everything that the recipient will see as an incoming message: both headers and the body of the message. It means that when you get a new message, you can see

  • who sent it (in the “From” field)
  • who should receive it (in the “To” and “Cc” fields)
  • what the message is about (in the “Subject” and the message body). 

But where is the Bcc address? Here is how it is blind. In SMTP, Bcc is not printed out to DATA like message headers. Even if you are Bcc’ed recipient, you won’t see your email address in the list. 

How to use Bcc: best practices 

You can add Bcc in almost any email client, system, or email library. However, it is a quite moody feature in terms of using and testing. 

There are rules of email etiquette stating that Bcc is suitable in two situations only: introducing someone via email and mass email sending. 

When sending emails from your app, there are two main uses cases of adding Bcc as well:

  1. Informing the specific people when sending notifications to users (for example, your support team, site admin, accountant, etc.).
  2. Monitoring real-time latest copies of emails with the correct variables. Developers can Bcc Mailtrap inbox in their production environment and check notifications their users get. For example, “Email Verification” Bcc can have “verify-prod-your-id@inbox.mailtrap.io” address. Assigning different emails to different cases, you will sort different types of messages to appropriate inboxes.  This way, you can test dynamic content in your onboarding emails, for example. 
  3. Sending mass emails to undisclosed recipients – a group of people who shouldn’t see each other’s addresses. This use case is possible and it still exists but it’s not recommended. In previous years, when email sending platforms were not so popular, Bcc was frequently used for sending mass emails and, of course, spam. That is why a long Bcc string or “undisclosed recipients” in the To header might be marked as spam in many cases. When you work with Bcc, don’t forget to check the spam score of your message while testing. If your email library/package supports sending emails in a loop, it might be a good alternative for Bcc to avoid spam. 

How to test Bcc in emails 

Whether you send notifications or mass emails, you need to make sure that your message is sent to Bcc’ed recipients and is not marked as spam. 

Bcc is a blind copy and is not displayed in the headers of the received message. This is why it is so difficult to test and debug it. Keeping SMTP rules in mind, to check Bcc addresses, you should compare headers of the received messages (DATA) and the recipients (RCPT TO). Those, which are present in RCPT TO and are missing in DATA, are blind carbon copies. Also, you still can experiment with your own email addresses, comparing what you sent and what you received in the end, in different email clients. Sounds complicated, no?

Bcc support in Mailtrap

You can easily test and debug Bcc email addresses with Mailtrap, without a need to compare data manually or flood your inboxes with test emails. Mailtrap imitates the work of a real SMTP server, and you will instantly see the messages sent with it in your virtual inbox:

Bcc in the email in the Mailtrap inbox

If your message contains Bcc’ed recipients, you will be able to see them along with the message headers (From, To, Cc), after pressing “More info”. Bcc won’t be displayed in a real email! Mailtrap analyzes SMTP commands of the message, compares message headers and recipients, and then prints out the difference to the Bcc field for your convenience. 

Also, you can see the detailed list of email addresses used in this message (in MAIL and RCPT TO commands) in the SMTP info tab:

SMTP info - Bcc in Mailtrap

Besides, you can check the message data (DATA) and all the headers, which will be available tor a real recipient in the Raw tab:

Bcc is not displayed in Raw tab in Mailtrap

As you can see, Bcc is not displayed here. This way, you can be sure that Bcc works properly. 

In case there was no Bcc in your message (or there was no difference found between message headers and RCPT TO), you will see the corresponding message in the Bcc field in Mailtrap:

No Bcc information in the email message - Mailtrap

Please note that for emails trapped in Mailtrap inboxes before the Bcc feature release, SMTP info was not calculated. You will see “There is no info to calculate Bcc” and “No SMTP info” messages in the related fields.

Also, remember that adding multiple Bcc’ed addresses  might have a negative effect on the spam score. In Mailtrap, the spam score is not affected by the Bcc’ed emails, though.

Bcc in a nutshell

Bcc is a popular feature available in a majority of email clients and libraries. However, you should be careful and not overuse it in order not to get into an awkward situation or end up in a spam folder. 

Because Bcc is not displayed as a message header, it’s quite complicated to test it. However, it is a highly requested feature.  With Mailtrap, you can:

  • check SMTP info with a list of all email addresses (From, To, Cc, and Bcc)
  • see if there were any Bcc’ed addresses listed in your message (we compare DATA and RCPT TO and display the difference)