Langa Letter: The Danger In Auto-Reply Messages - InformationWeek
02:59 PM
Fred Langa
Fred Langa

Langa Letter: The Danger In Auto-Reply Messages

Don't let your ''I'm away'' and other automatic messages come back to haunt you. Fred Langa has a solution.

Hardball Solutions
The "take no prisoners" approach simply is to reject auto-replies from others, and not to use them yourself:

First, I suggest that you set your own E-mail filter to discard, unread, any auto-reply E-mails you get. This will not only remove these mostly useless messages from your in-box, but also will help you to avoid any hostile attachments these mails may carry.

It's easy: Use your E-mail client's filter settings (Microsoft calls them "message rules") to discard or "move to trash" any E-mail with the most-common auto-reply words and phrases in any headers. You can sort your own E-mail to see which phrases you most often get, but as a start, try these:

autoreply; auto reply; auto-reply; autoresponse; auto response; auto-response; autorespond; auto respond; auto-respond; out of office; out-of-office; away message; vacation message; I'm away; I'm out on vacation; on holiday

...and so on.

If you correspond with non-English speakers, you may wish to filter for similar words and phrases in other languages, too. As one example, I have several variations of "Automatisch antwoord bij afwezigheid" ("autoreply due to absence" in Dutch) in my filter list.

Second, I suggest that you never, ever enable an auto-reply for your personal E-mail. I concur with Tim: If you feel you must inform your correspondents of things like your vacation plans, notify them in advance with a group E-mail: Send a single E-mail to yourself, and BCC (blind copy) all the recipients you wish to notify of your plans. If they know you'll be gone, they won't send you E-mail; or at least they won't expect an immediate reply. Thus, you simply can prevent the need for an auto-reply "away" message in the first place.

Third, at the server level, I suggest using auto-replies only with great care. An "addressee unknown" or "mailbox full" auto-reply may provide useful information to the sender, but messages like "virus detected" or "your E-mail has been rejected due to prohibited content" are useless. If you're throwing out an E-mail, just throw it out: No explanation is needed. If the sender is legitimate and the E-mail is important, he or she will follow up and find another way to contact the recipient.

Or, if you feel that silent deletion is too dangerous, consider letting only the intended recipient know that an E-mail wasn't delivered, who sent it, and why it was rejected. Then, if the recipient recognizes the sender, he or she can take steps to ensure re-delivery.

Less-Extreme Options
What if you must use an auto-reply due to business policies or other unavoidable reasons?

In your personal E-mail, set up the auto-reply manually, rather than using the "Out Of Office Assistant" in Outlook, or its equivalent in your E-mail client. By using a manual, custom filter or mail rule to handle your "away" message, you can ensure that it only goes out to those who legitimately might need to know your status. For example, let's say you work for XYZ Corp. You'd set up the filter or mail rule to first see if the inbound mail is coming from an XYZ domain (e.g., from an "" address), and if it is, only then to reply with your away message. This way, your XYZ co-workers will get your away auto-reply, but spammers and random outside E-mailers will not.

Another option can help with business E-mail addresses and hybrid personal/business addresses where some form of auto-reply is always necessary or desirable. For example, you may need to let customers know that their E-mail has been received and is being attended to. A good option in this case is to reply using a specific and filterable "From" address, such as NoReply@[yourdomain] or Mailbot@[yourdomain], etc. Then, set your own filters to discard, unread, any mail that comes in to the "NoReply" or "MailBot" address. This way, you can auto-reply to your customers, but not end up with spam or hostile E-mails choking your valid E-mail addresses in return. It also short-circuits any possible looping that might otherwise happen if a customer's E-mail client auto-replies to your auto-reply.

In cases where you can't change the "From" address, use a unique word or phrase in the subject line to take advantage of the fact that many simple "out of office" replies re-quote the original mail's subject line. For example, if you draft your auto reply so it has a subject line something like "XYZ Corp. received your mail," simple autoreplies to your mail will probably have a subject line something like "Re: 'XYZ Corp. received your mail.'" If you create an inbound filter to watch for and delete any E-mails that contain all or part of the phrase "XYZ Corp. received your mail" in the subject line, you can likewise short-circuit mail loops and prevent your auto-responder from replying to someone else's auto-responder.

2 of 3
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of the Cloud Report
As the use of public cloud becomes a given, IT leaders must navigate the transition and advocate for management tools or architectures that allow them to realize the benefits they seek. Download this report to explore the issues and how to best leverage the cloud moving forward.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of November 6, 2016. We'll be talking with the editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll