BCC encrypted email forking in Outlook Web Access

Enabled by default, OWA's BCC Encrypted Email Forking feature prevents blind carbon copy recipient information from being leaked when users send encrypted emails. Learn more about how this feature works and discover the storage side effects it can create.

Outlook Web Access (OWA) has a feature called BCC Encrypted Email Forking that prevents blind carbon copy (BCC) recipient information from being leaked when users send encrypted emails. This feature is documented in OWA's manuals, but its implications are not typically well understood.

When you use Outlook Web Access to send an encrypted message with BCC recipients, the BCC Encrypted Email Forking feature saves a separate copy of the message for each recipient in the BCC field.

Enabled by default in OWA, the email forking function exists for the sake of email privacy and security. It prevents a full copy of the BCC list from appearing in the email's encryption certificate list -- where it could be seen by anyone who went looking for it. The certificate list is normally hidden from the user, but it's a trivial job to read the list if you know what you're doing.

The one downside to using OWA's BCC Encrypted Email Forking feature is that a separate copy of each email has to be stored for each BCC recipient -- and since each message is technically unique, they cannot be all stored as one message via single-instance storage.

However, if you have good policies in place that enforce the maximum size of outgoing messages, storage is usually cheap enough that this is not a concern. It's more worth your while to worry about "secure" email suddenly not being so secure anymore than it is to worry about the amount of space being used.

The folks at Cryptigo, makers of secure e-mail solutions, have also written about this problem and have a blog post that discusses some other implications of using email forking.

About the author: Serdar Yegulalp is editor of the Windows Power Users Newsletter.

Do you have comments on this tip? Let us know.

Related information from SearchExchange.com:

  • Administration Guide: An administrator's guide to Outlook Web Access
  • Expert Advice: Tracking blind-copied email
  • Tip: Don't break single-instance storage during a mailbox migration
  • Reference Center: Exchange Server data management and storage tips

    Please let others know how useful this tip was via the rating scale below. Do you have a useful Exchange Server or Microsoft Outlook tip, timesaver or workaround to share? Submit it to SearchExchange.com. If we publish it, we'll send you a nifty thank-you gift.

  • This was first published in October 2006

    Dig deeper on Outlook Web Access

    Pro+

    Features

    Enjoy the benefits of Pro+ membership, learn more and join.

    0 comments

    Oldest 

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to:

    -ADS BY GOOGLE

    SearchWindowsServer

    SearchEnterpriseDesktop

    SearchCloudComputing

    SearchSQLServer

    Close