I’ve written before about the general dodginess of “away notification emails” automatically set up to respond to incoming emails. Such messages usually go along the lines of:
I will be out of the office from 12/08/2006 to 13/08/2006 hunting gazelle in the Liposuction Basin.
For urgent matters, pl contact Ms Elbowgrinder/ Mr Headstrong at Tel 689023 during office hours.
Why are these a bad idea? Well, you’re basically:
broadcasting to anyone who sends you an email that you’re on vacation, and therefore leaving a presumably empty house
giving out details of when you won’t be around
giving large amounts of useful information to identity thieves or social engineers wanting to steal your password
clogging up people’s inboxes with more information than they are likely to need (if they don’t know you’re on holiday you’re probably not that close).
Anyway, I couldn’t help but be amused by a recent announcement on a security mailing list (which shall remain nameless; I don’t want to compromise security further) which prompted more than 30 autorespond messages informing senders that the recipients were on holiday/maternity leave/trips/the moon. Leaving aside the security lapse that allowed such messages to go to all recipients of the mailing list, I was surprised that these people, all of them apparently in the security field and in government, were broadcasting their movements and absence from the office. Who’s to stop someone from using this information to call up their secretary/stand-in and socially engineering their way into some lucrative information? My advice: Don’t use these autoresponds unless you don’t mind telling all and sundry about your movements.
Oh, the original mailing list email that prompted this deluge of autoresponds was one announcing details of an upcoming information security & hacking conference. No, I’m not going to say which.