We use Dimac&#039s w3Jmail component to send e-mails from our ASP pages. We have one application, for example, which sends a message to everyone who is subscribed to certain services we offer.<BR><BR>Well, we recently got dinged because we had hundreds of people signed up for one service, and when we sent a message using Jmail, all of their addresses showed up in the CC: field, causing quite a security stir. So, we dutifully looked through Jmail&#039s documentation, found the AddRecipientBCC command, and added this to the script. It worked, EXCEPT that all of the BCC addresses can easily be retrieved from the e-mail message headers! In the header, it shows all the various server information, then the &#039from&#039 and &#039to&#039 info, and then BCC:, followed by all of the supposedly &#039blind&#039 addresses! This is surprisingly insecure, and begs the question: did we do something wrong with our setup, or is this a big problem with the Jmail component?<BR><BR>We need to find an answer to this as soon as possible, so anyone who responds will really be helping me out. Thanks for reading, folks.