Hello,
In Exchange 2010, BCC recipient information was limited to the journal report and expunged from the attached email's header by Exchange if EWS was used for message retrieval.
Apparently, this has changed with recent versions of Exchange 2013 and Exchange 2016. Now, not only the journal report but also the attached email's header contains the full BCC recipient list. This is true for standard (database) journaling as well as for
journaling rules.
If this change is intentional, it would render the journaling report pretty much obsolete because the full sender and recipient information is already part of the attached "original" email itself. But worse, it could pose a security threat for any archiving solution that use the information in the journal report to get senders and recipients and then archive the attached email as is. BCC information would be disclosed to recipients of Exchange-internal mails that way.
Any thoughts? Thanks!
Björn