If you are foolish enough to let folks know you won't be at home, and someone is of a mind to do this, you're screwed. The reason is, the OoO messages are only in response to an email someone sent you. That means they already have your name and the company you work for. If they don't already have your home address, a minor amount of social engineering at your workplace, or even a bit of googling, will reveal where you live.
Kurt On Fri, Aug 15, 2008 at 10:25 AM, Eric Woodford <[EMAIL PROTECTED]> wrote: > My point was even if you did say "I am traveling to the North Pole for a > month". What's to say I'd be able to find your house to sell all your > furniture and worldly treasures. Last count, there are at least 9 people > with my same name. > > On Fri, Aug 15, 2008 at 9:07 AM, Don Andrews <[EMAIL PROTECTED]> > wrote: >> >> Agreed – not being in the office actually increases the chances of my >> being at home – no access to email simply says, don't even try to bother me. >> >> >> >> Now, on the other hand, if it said something really stupid like, I'll be >> out of (town|state|country) for a week, that would be different. >> >> >> >> ________________________________ >> >> From: Sobey, Richard A [mailto:[EMAIL PROTECTED] >> Sent: Friday, August 15, 2008 8:14 AM >> To: MS-Exchange Admin Issues >> Subject: RE: OOOR? >> >> >> >> Arrg! This tired old debate. What does not being at work have to do with >> not being at home?! >> >> >> >> From: Eric Woodford [mailto:[EMAIL PROTECTED] >> Sent: 14 August 2008 18:16 >> To: MS-Exchange Admin Issues >> Subject: Re: OOOR? >> >> >> >> Your OOTO says "I will be out of the office between Monday and Friday with >> no access to email". That really says "My house will be empty, please come >> and help yourself". >> >> Interesting concept, terribly difficult to implement. Unless I know you >> personally and have visited your house, finding your specific address, >> traveling there (especially being that you're across an ocean from me), >> breaking in and then hoping you have something of value worth the entire >> endeavor (all before you get back from vacation). That's all assuming you >> don't put your home address and "keys under the mat" in your signature. >> >> >> >> >> On Mon, Aug 11, 2008 at 12:38 PM, Simon Butler <[EMAIL PROTECTED]> wrote: >> >> If you do allow OOTO to the Internet then watch your queues. As spam is >> spoofed the OOTOs will stack up. >> >> However the social engineering and personal security issue is very >> important. >> >> Your OOTO says "I will be out of the office between Monday and Friday with >> no access to email". >> That really says "My house will be empty, please come and help yourself". >> >> The way that I usually counter the OOTO to the internet request is quite >> simple. How does it look to business partners, either potential or current? >> >> To use the example above, what that could be interpreted to say is "Your >> custom is not important enough for me to get someone else to monitor my >> mailbox for a week, I will read it when I get back". >> >> If you do implement OOTO then a template would be the best option. The >> template wouldn't give much information away, and would tell the sender that >> the mailbox is being monitored. Someone would then need to monitor the >> mailbox, even if it is just to ping the sender back to say that the person >> was away, is it urgent or can it wait. >> >> Simon. >> >> -- >> Simon Butler >> MVP: Exchange, MCSE >> Amset IT Solutions Ltd. >> >> e: [EMAIL PROTECTED] >> w: www.amset.co.uk >> w: www.amset.info >> >> Need cheap certificates for Exchange, compatible with Windows Mobile 5.0? >> http://CertificatesForExchange.com/ for certificates from just $23.99. >> Need a domain for your certificate? http://DomainsForExchange.net/ >> >> >> >> >> -----Original Message----- >> From: William Lefkovics [mailto:[EMAIL PROTECTED] >> Sent: 11 August 2008 20:29 >> To: MS-Exchange Admin Issues >> >> Subject: RE: OOOR? >> >> You probably got several in response to that post. >> >> Spammers don't care about OOFs. They don't nickel and dime addresses. >> >> There is sometimes juicy social engineering information within the OOF >> though. >> >> >> -----Original Message----- >> From: Jim Dandy [mailto:[EMAIL PROTECTED] >> Sent: Monday, August 11, 2008 10:08 AM >> To: MS-Exchange Admin Issues >> Subject: OOOR? >> >> I'm curious if others are allowing out of office replies to the internet? >> I've heard it's a bad idea because spammers use it to harvest valid >> addresses. Thanks for your comments. >> >> Curt >> >> ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ >> ~ http://www.sunbeltsoftware.com/Ninja ~ >> >> >> >> ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ >> ~ http://www.sunbeltsoftware.com/Ninja ~ >> >> ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ >> ~ http://www.sunbeltsoftware.com/Ninja ~ >> >> >> >> >> >> >> >> >> >> > > ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja ~
