I got a request that I wanted to run by everyone here. A user sent an email and CC'ed a group from his personal address book. He was alarmed when he realized that the group was broken out and listed under the message properties, viewable by all recipients. I think he wanted recipients to know who the email went to, but not the actual contacts from within the group, which means BCC wouldn't be an option. I believe everything is working as intended and the behavior is even specified in RFC 2822.

Is there any way to obfuscate the contacts of a group when added to the TO: or CC: field without using BCC:?