non BCC - the gift that keeps on giving
But even better from a security snakeoil company
Depending on what they are using for emails, set up some rules to prevent this. If the email solution does not allow the mail server (be it on prem / cloud) to be configured this way then find a solution that does...
Alternative is mail client that plays safely (but want server solution as nothing to stop someone using alternative email client and circumventing client based bcc enforcement)
If a user can accidentally cc in a list, sooner or later they will (even the dedicated, competent and careful can mis-send after a long & stressful day) so it needs to be set up to not leave the mail server.
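A sketch of the kind of server-side rule the comment above asks for, added here as an illustration and not part of the original comment: an outbound policy check that refuses a message exposing too many external addresses in To/Cc. The domain set, the threshold, the function names and the sample message are all assumptions, and wiring this into a particular mail server (milter, transport rule, content filter) is left out.

```python
from email import message_from_string
from email.utils import getaddresses

INTERNAL_DOMAINS = {"example.com"}  # assumption: the organisation's own domains
MAX_VISIBLE_EXTERNAL = 5            # assumption: policy threshold


def visible_external_recipients(msg):
    """Return the distinct external addresses exposed in To and Cc."""
    # Bcc recipients travel in the SMTP envelope, not in these headers,
    # so a correctly Bcc'd mail-out shows nothing here.
    values = msg.get_all("To", []) + msg.get_all("Cc", [])
    values = [v for v in values if v.strip()]  # ignore empty headers
    exposed = []
    for _name, addr in getaddresses(values):
        addr = addr.strip().lower()
        domain = addr.rpartition("@")[2]
        if addr and domain not in INTERNAL_DOMAINS and addr not in exposed:
            exposed.append(addr)
    return exposed


def check_outbound(raw_message):
    """Return (allowed, reason) for one outbound message."""
    exposed = visible_external_recipients(message_from_string(raw_message))
    if len(exposed) > MAX_VISIBLE_EXTERNAL:
        return False, (f"{len(exposed)} external recipients visible in "
                       "To/Cc; resend using Bcc or a mailing list")
    return True, "ok"


def build_sample(to, cc=None):
    """Constructed sample message for trying the check offline."""
    lines = ["From: news@example.com", f"To: {to}"]
    if cc:
        lines.append(f"Cc: {cc}")
    lines += ["Subject: update", "", "body"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    customers = ", ".join(f"user{i}@customer{i}.test" for i in range(6))
    print(check_outbound(build_sample("staff@example.com", customers)))
    print(check_outbound(build_sample("staff@example.com")))
```

Because the check runs on the server, it applies whichever mail client the sender uses, which is the point the comment makes about client-side enforcement.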