Langa Letter: The Danger In Auto-Reply Messages - InformationWeek
02:59 PM
Fred Langa
Fred Langa

Langa Letter: The Danger In Auto-Reply Messages

Don't let your ''I'm away'' and other automatic messages come back to haunt you. Fred Langa has a solution.

Reader Tim Downey succinctly expressed an idea that's been slowly taking shape in my mind for some time:

Hi, Fred, I know a lot of your readers are IT professionals, as I am myself. So I'm writing you hoping that perhaps we can get the word out among IT professionals and allow them to discuss and decide whether auto replies for E-mail are a good idea anymore.

Specifically, I'd like to mention these auto replies I'm now getting thanks to the Sobig.F virus. Many companies have E-mail filtering or their anti-virus programs set up to auto reply to a sender when they receive an E-mail carrying a virus. As most IT folks know, Sobig.F uses an E-mail from an infected PC's contact list and makes it appear as though that E-mail address is the sender or originator of the virus. My problem now isn't the Sobig virus; our filtering handles that just fine. But now my E-mail account is getting bombed with these auto replies stating that my E-mail was rejected because it contained a virus. Unfortunately, possibly someone with my E-mail address has become infected and my E-mail address is being used as the sender of the E-mailings. This auto-reply feature was a good idea when it first came out. But thanks to Sobig, now it's simply contributing to the junk traffic along the Internet lines.

I'd also like to throw in my personal take on users setting up auto-reply vacation messages on their E-mail accounts. I occasionally get calls from users asking if I can set up a vacation auto reply to their E-mail box. I respond to the requests by trying to discourage the use of auto reply simply because of spam. Auto reply is fine for a legitimate business contact, but unfortunately if a spammer gets an auto reply from an email address, it will verify that the E-mail address is a good working address and the user will likely get more spam in the future. I normally advise users to send an E-mail to all of their contacts advising them of being away instead of using the auto reply and if possible using Web mail to check their E-mail. Thanks, Fred, and I hope word gets out. My E-mail inbox will appreciate it.

-- Tim Downey

Tim is right. Auto-reply messages can cause more trouble than they prevent.

Indeed, this is especially true with worms that propagate by forging headers (inserting an innocent party's E-mail address into the "from" field of an infected message). It's annoying when it happens to a personal E-mail address, but in the case of a business that may have sent out thousands or even millions of valid E-mails to customers or contacts, the odds approach 100% certainty that the innocent business's E-mail address(s) will get picked up and re-used many, many times by a worm or virus, resulting in a torrent of "message rejected" bounce mails flooding back to choke the business's servers--even though the business did nothing wrong! The amount of system time and bandwidth wasted in processing these unnecessary, misdirected messages is truly enormous.

And, yes, even seemingly harmless vacation notices can cause similar problems, albeit on a more limited scale. In my own case, when I send out an E-mail newsletter to 160,000 subscribers, I get back a small flood of useless and unneeded out-of-office or vacation messages. They serve no purpose, and although they can be filtered, these messages still are a waste of time and bandwidth. For companies with larger mailing lists than mine, even ostensibly innocuous "away" or vacation messages will generate a ton of garbage E-mail that has to be received, filtered, and disposed of. Then there's looping: Although some E-mail clients watch for this, it's also possible for two auto-reply robots to enter an endless loop of auto-replies replying to auto-replies!

Part of the problem is the ease with which auto-replies can be set up. In personal E-mail accounts, for example, tools like Outlook's "Out of Office Assistant" make the process seem simple, but also hide the fact that a broad-brush auto-reply is extremely crude and may even be dangerous: Ironically, people who would never consciously reply to spam mail may blithely set up an out-of-office or other auto-reply message without realizing that these messages will reply to everything that arrives in the mailbox, including spam mails trolling for live addresses.

1 of 3
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
Digital Transformation Myths & Truths
Transformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll