OT: PHB time...

[am.lists]

On 3/13/07, Matt Hayes <dominian at slackadelic.com> wrote:
> Kevin Miller wrote:
> > OK, so my boss who is normally an otherwise reasonable guy, calls me
> > into his office and says one of the department heads wants out of office
> > turned on for internet mail.  He knows that people are tarred and
> > feathered for doing that on mail lists, but thinks that the mail lists
> > should be filtering those - that with a short case statement they could
> > easily do that.  I tried to persuade him otherwise, but he's going to
> > poll the other directors and see if it's something they want.  Of course
> > they will, not understanding a broader perspective.  Sigh.
> >
> > It seems like there were other reasons than just list servers that make
> > it a bad idea to have out of office messages turned on but I'm not
> > really sure what they might be.  I suggested that they provide feedback
> > to spammers but he was unconvinced.  So, although it's somewhat OT, I'm
> > asking here because I can't think of a more enlightened group of mail
> > admins; what are some good solid reasons beyond people on list servers
> > hate them, not to publish an out of office reply over the internet?
> >
> > Thanks...
> >
> > ...Kevin

You mention this guy being a director... How about the security threat
(information disclosure) that this guy: #1 has a valid email address
to spammers, #2 it could reveal his real name (e.g. "Jim Bob Malloy is
out of the office") to a hacker. #3 it could reveal his real name and
the fact that he is out of the office to a phisher/other person with
malfeasance on their minds, especially if it says when he'll be back;
that gives criminals a definite window of opportunity.

If you have a security (aka IT Risk Management) group, they may have
some "policy" cards they could deal out in cases like this.