Is Outlook auto responder security problem?

[Guest]

I am using Outlook 2003 SP2 for inter office mail as well as outside contacts
with trusted clients. When I post an "out of office" auto response is there
anyway to prevent that from sending spammers and phishers my contact info
(MAC, IP, e-mail addresses) so that they now have a valid target and info to
spread to others like them?

 

[Phillip Windell]

I don't think so.

The goal is to filter the spam well enough that it never gets to your box.

However consider that almost all of the return addresses are "fake",...so it
isn't going back to the spammer anyway. Most of the time it doesn't go anywhere
and just "bounces". So that old worry of letting the spammer know you are
"alive" is not really relevant anymore,...that dates back to when spammers used
their real return addresses that you could actually reply to.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

The views expressed (as annoying as they are, and as stupid as they sound), are
my own and not those of my employer, or Microsoft, or anyone else associated
with me, including my cats.

 

[Brian Tillman]

I am using Outlook 2003 SP2 for inter office mail as well as outside
contacts with trusted clients. When I post an "out of office" auto
response is there anyway to prevent that from sending spammers and
phishers my contact info (MAC, IP, e-mail addresses) so that they now
have a valid target and info to spread to others like them?

By default, Exchange will not send OO messages to any outside address. If
external; addresses receive OO messages, then your Exchange admins have
purposefully changed the default setting.

If you're worried spammers and phishers will obtain your address, don't.
Such messages are rarely sent from real addresses or, if the sender address
is real, it doesn't belong to the spammer, but some innocent victim of
address hijacking. Such a person is probably getting inexplicable bounces
anyway and so won't be much more puzzled by an OO message.

 

[Ray]

You may be worrying about the wrong problem.

"Outlook's Out-of-Office Assistant automatically replies to your incoming
email with a note to the sender that you are not available. While this is a
wonderful way of notifying people that they may not get an immediate
response, there is a personal safety danger.
Recall some of the automated replies you've received. Typically they will
give a note that the person is on vacation, at another facility or contain
other specific information on their whereabouts. It might even contain a
location-specific telephone number. Criminals can send out a big batch of
junk email solely to collect whatever out-of-office messages come back
providing details of absences, and cross-reference the names in the e-mail
with various online address books to discover your home addresses. People
with unusual names living in small towns are especially at risk, because
those addresses would be easier to track down.

You wouldn't go on vacation with a note pinned to your door saying who you
were, how long you were going to be away and when you were coming back. So
why would you put this information in an e-mail when you have no idea who is
going to read it?

Please consider making Out-of-office automatic replies and even voice mail
recordings as generic as possible, only stating that you are away from the
office and not where or why you are gone. Contact phone numbers should be a
telephone number in your building, not your temporary location, so someone
cannot call that number and get a hotel in another state to infer your
whereabouts and that your home and family may be unprotected."

Ray