If you are that concerned about what information is revealed in out of office autoreplies, you should not be allowing OoO autoreplies externally anyway. They pose a far greater security risk in terms of leaking information that can be used in social engineering attacks than the risk you are worried about.
Just my $0.02
Agreeed. OoO is pointless. No point in it. I can't count how many times I post to a list, and get an e-mail back that "I am out of the office. Contact Joe @ XXX-XXX-XXXX in my absence. Until the OoO reply can be configured to not reply to spam, not reply to group mails, not reply to ... heck until it can be configured to only reply to a message that requires an immediate reply, it's useless. i.e. "Hey, hope all is well, let's do lunch when you're free" does not need a OoO reply, however "I need to know your decision on the Thompson blueprints ASAP!" does. Until OoO can make that determination, turn it off.
Evan
