diff --git a/src/applications/metamta/replyhandler/PhabricatorMailReplyHandler.php b/src/applications/metamta/replyhandler/PhabricatorMailReplyHandler.php
--- a/src/applications/metamta/replyhandler/PhabricatorMailReplyHandler.php
+++ b/src/applications/metamta/replyhandler/PhabricatorMailReplyHandler.php
@@ -197,6 +197,36 @@
     // for now.
     $recipients = $tos + $ccs;
 
+    // Check if all recipients have proper permissions to the object
+    // Remove them from the list otherwise
+    $recipient_users = id(new PhabricatorPeopleQuery())
+      ->setViewer(PhabricatorUser::getOmnipotentUser())
+      ->withPHIDs(array_keys($recipients))
+      ->execute();
+    $recipient_users = mpull($recipient_users, null, 'getPHID');
+    phlog($recipient_users);
+
+    // Check if user has permissions to view this object
+    foreach ($recipients as $phid => $recipient) {
+      if ($this->mailReceiver
+        && $this->mailReceiver instanceof PhabricatorPolicyInterface
+        && idx($recipient_users, $phid)
+        && $recipient_users[$phid] instanceof PhabricatorUser) {
+        if (!PhabricatorPolicyFilter::hasCapability(
+          $recipient_users[$phid],
+          $this->mailReceiver,
+          PhabricatorPolicyCapability::CAN_VIEW)) {
+          // User has no permission to this object
+          // so remove them from the recipient list
+          unset($recipients[$phid]);
+        }
+      }
+    }
+
+    if (!$recipients) {
+      return $result;
+    }
+
     // When multiplexing mail, explicitly include To/Cc information in the
     // message body and headers.
 
diff --git a/src/applications/transactions/editor/PhabricatorApplicationTransactionEditor.php b/src/applications/transactions/editor/PhabricatorApplicationTransactionEditor.php
--- a/src/applications/transactions/editor/PhabricatorApplicationTransactionEditor.php
+++ b/src/applications/transactions/editor/PhabricatorApplicationTransactionEditor.php
@@ -1931,8 +1931,8 @@
 
     $email_to = array_filter(array_unique($this->getMailTo($object)));
     $email_cc = array_filter(array_unique($this->getMailCC($object)));
-
     $phids = array_merge($email_to, $email_cc);
+
     $handles = id(new PhabricatorHandleQuery())
       ->setViewer($this->requireActor())
       ->withPHIDs($phids)