OT: PHB time...

Ken A ka at pacific.net
Tue Mar 13 19:29:06 CET 2007



am.lists wrote:
> On 3/13/07, Matt Hayes <dominian at slackadelic.com> wrote:
>> Kevin Miller wrote:
>> > OK, so my boss who is normally an otherwise reasonable guy, calls me
>> > into his office and says one of the department heads wants out of 
>> office
>> > turned on for internet mail.  He knows that people are tarred and
>> > feathered for doing that on mail lists, but thinks that the mail lists
>> > should be filtering those - that with a short case statement they could
>> > easily do that.  I tried to persuade him otherwise, but he's going to
>> > poll the other directors and see if it's something they want.  Of 
>> course
>> > they will, not understanding a broader perspective.  Sigh.
>> >
>> > It seems like there were other reasons than just list servers that make
>> > it a bad idea to have out of office messages turned on but I'm not
>> > really sure what they might be.  I suggested that they provide feedback
>> > to spammers but he was unconvinced.  So, although it's somewhat OT, I'm
>> > asking here because I can't think of a more enlightened group of mail
>> > admins; what are some good solid reasons beyond people on list servers
>> > hate them, not to publish an out of office reply over the internet?
>> >
>> > Thanks...
>> >
>> > ...Kevin
> 
> You mention this guy being a director... How about the security threat
> (information disclosure) that this guy: #1 has a valid email address
> to spammers, #2 it could reveal his real name (e.g. "Jim Bob Malloy is
> out of the office") to a hacker. #3 it could reveal his real name and
> the fact that he is out of the office to a phisher/other person with
> malfeasance on their minds, especially if it says when he'll be back;
> that gives criminals a definite window of opportunity.
> 
> If you have a security (aka IT Risk Management) group, they may have
> some "policy" cards they could deal out in cases like this.

Another thing to mention is that people don't maintain them, so they 
cause other creeping issues. Often these messages contain bad info after 
a while. A friend of mine who works for a corp that forces these things 
on people, went on vacation and his old cell phone number was emailed to 
hundreds of people. The current owner of that number was quite upset, 
since the OOM contained info about him being off for surgery, there were 
quite a few calls! :-(

Ken A
Pacific.Net


More information about the MailScanner mailing list