Langa Letter: The Danger In Auto-Reply Messages - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

02:59 PM
Fred Langa
Fred Langa

Langa Letter: The Danger In Auto-Reply Messages

Don't let your ''I'm away'' and other automatic messages come back to haunt you. Fred Langa has a solution.

Reader Tim Downey succinctly expressed an idea that's been slowly taking shape in my mind for some time:

Hi, Fred, I know a lot of your readers are IT professionals, as I am myself. So I'm writing you hoping that perhaps we can get the word out among IT professionals and allow them to discuss and decide whether auto replies for E-mail are a good idea anymore.

Specifically, I'd like to mention these auto replies I'm now getting thanks to the Sobig.F virus. Many companies have E-mail filtering or their anti-virus programs set up to auto reply to a sender when they receive an E-mail carrying a virus. As most IT folks know, Sobig.F uses an E-mail from an infected PC's contact list and makes it appear as though that E-mail address is the sender or originator of the virus. My problem now isn't the Sobig virus; our filtering handles that just fine. But now my E-mail account is getting bombed with these auto replies stating that my E-mail was rejected because it contained a virus. Unfortunately, possibly someone with my E-mail address has become infected and my E-mail address is being used as the sender of the E-mailings. This auto-reply feature was a good idea when it first came out. But thanks to Sobig, now it's simply contributing to the junk traffic along the Internet lines.

I'd also like to throw in my personal take on users setting up auto-reply vacation messages on their E-mail accounts. I occasionally get calls from users asking if I can set up a vacation auto reply to their E-mail box. I respond to the requests by trying to discourage the use of auto reply simply because of spam. Auto reply is fine for a legitimate business contact, but unfortunately if a spammer gets an auto reply from an email address, it will verify that the E-mail address is a good working address and the user will likely get more spam in the future. I normally advise users to send an E-mail to all of their contacts advising them of being away instead of using the auto reply and if possible using Web mail to check their E-mail. Thanks, Fred, and I hope word gets out. My E-mail inbox will appreciate it.

-- Tim Downey

Tim is right. Auto-reply messages can cause more trouble than they prevent.

Indeed, this is especially true with worms that propagate by forging headers (inserting an innocent party's E-mail address into the "from" field of an infected message). It's annoying when it happens to a personal E-mail address, but in the case of a business that may have sent out thousands or even millions of valid E-mails to customers or contacts, the odds approach 100% certainty that the innocent business's E-mail address(s) will get picked up and re-used many, many times by a worm or virus, resulting in a torrent of "message rejected" bounce mails flooding back to choke the business's servers--even though the business did nothing wrong! The amount of system time and bandwidth wasted in processing these unnecessary, misdirected messages is truly enormous.

And, yes, even seemingly harmless vacation notices can cause similar problems, albeit on a more limited scale. In my own case, when I send out an E-mail newsletter to 160,000 subscribers, I get back a small flood of useless and unneeded out-of-office or vacation messages. They serve no purpose, and although they can be filtered, these messages still are a waste of time and bandwidth. For companies with larger mailing lists than mine, even ostensibly innocuous "away" or vacation messages will generate a ton of garbage E-mail that has to be received, filtered, and disposed of. Then there's looping: Although some E-mail clients watch for this, it's also possible for two auto-reply robots to enter an endless loop of auto-replies replying to auto-replies!

Part of the problem is the ease with which auto-replies can be set up. In personal E-mail accounts, for example, tools like Outlook's "Out of Office Assistant" make the process seem simple, but also hide the fact that a broad-brush auto-reply is extremely crude and may even be dangerous: Ironically, people who would never consciously reply to spam mail may blithely set up an out-of-office or other auto-reply message without realizing that these messages will reply to everything that arrives in the mailbox, including spam mails trolling for live addresses.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
1 of 3
Comment  | 
Print  | 
More Insights
2021 State of ITOps and SecOps Report
2021 State of ITOps and SecOps Report
This new report from InformationWeek explores what we've learned over the past year, critical trends around ITOps and SecOps, and where leaders are focusing their time and efforts to support a growing digital economy. Download it today!
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

Becoming a Self-Taught Cybersecurity Pro
Jessica Davis, Senior Editor, Enterprise Apps,  6/9/2021
Ancestry's DevOps Strategy to Control Its CI/CD Pipeline
Joao-Pierre S. Ruth, Senior Writer,  6/4/2021
IT Leadership: 10 Ways to Unleash Enterprise Innovation
Lisa Morgan, Freelance Writer,  6/8/2021
Register for InformationWeek Newsletters
Current Issue
Planning Your Digital Transformation Roadmap
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll