A constant source of annoyance for many technically-inclined computer users is mass mailings from more nontechnical users that expose every recipient's email address to everyone else. Perhaps a simple UI change is in order.
A constant source of annoyance for many technically inclined computer users is mass mailings from more nontechnical users that expose every recipient's email address to everyone else. Perhaps a simple UI change is in order.
While writing Why your college uses Microsoft Windows for everything, I revisited some old essays written by Dave Gutteridge about why people do not make the switch from MS Windows to open source (and free of licensing cost) operating systems. In one of these (No Really -- Windows Is Free) he comments on the way many end users send emails:
Take, for example, the fact that almost none of my non-computer minded friends ever use, or understand, the "BCC" field that is in every single email client available. They don't even know it's there. I've given up trying to explain it to them, and have come to accept that every now and again, one of my friends will send every email address of everyone they want to contact to everyone else they know.
This brings to mind an article more than two and a half years old: Interface design is security design. Obviously, something has failed in standard mail client UI design if what Dave Gutteridge said accurately describes the reality of email usage amongst nontechnical end users. Given my own experience with parents, other relatives, and a number of acquaintances over the years, no reason to dispute his estimation comes to mind. I have even made the effort to educate some of my relatives and other acquaintances on the proper use of the Blind Carbon Copy field in various email clients, but eventually I receive another email with my address and those of a number of people whose names are totally unfamiliar to me displayed for all to see in the To field.
The use of the BCC field when sending emails is a privacy matter and, because privacy is security, that makes it a security matter. There are those who would claim that security and usability are largely incompatible, that you have to sacrifice usability to get security, but for most purposes that simply is not true. Good usability design takes security into account, and ensures that doing the right thing is the easy thing to do.
RFC 2822, Section 3.6.3 defines the To, CC, and BCC header fields of an email. Nowhere in that, nor in the table in section 3.6, does it suggest that the To header field needs a value. If I have overlooked something in this regard, someone let me know.
Assuming for the moment that filling in the To field is unnecessary for standards compliance, and knowing that people tend to just pile every recipient email address into the default address field, the answer seems obvious: make the BCC field the default address field for outgoing emails in your email client application. While a BCC label is a good idea for purposes of informing more technically inclined users about the specifics of what they are doing, there is nothing to say that another label cannot be applied to make it clearer this field is where the addresses go. In fact, if I were designing a GUI email client application today, I would probably provide only a single outgoing address field by default with a button available to expand the field into more fields for "More Options" in case someone wants more fine-grained control (such as the technically savvy user).
The end result is that, for most users, all recipient email addresses go in the BCC field, all the time. For the inevitable mass mailing of some chain-letter, forwarded-spam-HTML email, people's addresses would then not be exposed to other people on the list that they have never met.
What are the downsides?
Perhaps, I should get into the business of Webmail interface design some day.