Folks,
Convicted criminals have stated that they use these messages on phones and probably now e-mail to steal from companies. They have stated that the easiest way to steal from a company is to impersonate the identity of someone known to be out of the office.
Some of these criminals have made the headlines of the traditional press with these exploits because the thefts have been with very high amounts.
IIRC: On U.S. TV, a demonstration was done where the tester was able to get the dialup phone numbers and a senior (VP level) employee's login account and password reset, all the while that the employee was trying to demonstrate that their system was secure from skilled hackers on that same TV show.
Secret prototypes have been stolen, along with confidential documents.
And the dollar amount has been in the high thousands, if not in the million dollar range from just one of these criminals.
I strongly recommend just turning off the out-of-office feature completely.
In addition to the security problems, these messages will auto-respond to forged addresses in spam and viruses, and this turns your mail server into a participant in a denial of service attack on the rest of the Internet.
Most corporate mail systems allow mail to be temporarily read by a secondary trusted user. Use that method instead.
If you have any influence with the security policy of your company, get these auto-responders banned, and the same for having any phone messages that indicate how long your identity can be spoofed with no one at your company being able to easily reach you.
Essentially these messages are now the same as not stopping your news and mail delivery while on vacation.
And mailing list traffic is clearly marked so in the headers, so any auto-responder that responds to them is not compliant with RFC standards.
In addition to the messages to this list, I got two messages from broken auto-responders from my last post.
-John [EMAIL PROTECTED] Personal Opinon Only
PLEASE READ THIS IMPORTANT ETIQUETTE MESSAGE BEFORE POSTING:
http://www.catb.org/~esr/faqs/smart-questions.html
