“Out of Office” reply is a privacy concern?

In our Microsoft migration a couple of months ago, we moved from Novell's GroupWise for email to Microsoft Exchange 2003, using Outlook 2007 as a client.  I knew things would be different, but some things just make me shake my head.

My boss just took a week off, and set up an "Out of Office" reply using Outlook's Out of Office assistant.  He then sent an email to himself from home... and no reply.  Strange...

So I ask my tech consultant to look into it, thinking that something must not be configured correctly on the server.  In the meantime, I forward my boss an email from my work address... and get a reply saying he's on vacation.  What the heck?  Now I'm thinking... "Did it fix itself overnight?"  So I send an email to him from one of my many external email addresses, but no luck.  Still broken.

I'll admit that this seemed pretty strange.  It works internally, but not externally.

Then my tech comes back to me with this Microsoft KB entry, which says:

"By default in Microsoft Exchange Server 2003, the sending of out-of-office reply messages to the Internet is disabled. Many administrators do not allow out-of-office reply messages to be sent outside the Exchange organization to prevent unauthorized people from learning when users are out of the office."

What the hell?

Privacy is great, really.  But for crying out loud, this is overboard.  Turning off replies to the internet is the default?  Come on!

Give the paranoid system admins a way to turn the feature off if they're that concerned.  But there is no reason in the world that you should force 90% of users to turn on the feature to protect the 10% of users that deliberately neglected to tell their wife they were taking the day off! Honestly, all the people in the office already know he's gone; responding to them is ridiculous.  It's the ones emailing him from elsewhere that need to know!

4 thoughts on ““Out of Office” reply is a privacy concern?”

  1. Whenever I find something that I may find annoying, I try to ask myself: why does it exist in the first place?

    Here I would like to know: if the option is enabled, can sending a great number of e-mails crash the Exchange Server? If yes, then I can better understand.

    Kind regards,
    Dennis

  2. True enough, Dennis.

    I remember that Novell GroupWise once had that issue, but it was resolved by a check to see if the auto reply had been triggered to that email address since the rule had been enacted. Net effect was that it would only send one reply to any given email address, alleviating this issue.

    From what I've seen, Exchange works in the same way. I've forwarded several emails to my boss this last week, and never received another reply. I can't see why it would react differently externally, and indeed the MS article doesn't mention that as a reason.

  3. I'm not sure how problematic it would be for the Out-of-Office responses to crash the server. I mean, these are responses to incoming messages, so we're talking about at most a doubling of traffic, right? And if the person were in the office, wouldn't s/he be replying to many of these messages anyway?

    And I recall Exchange being smart enough to only send an Out-of-Office message to the first incoming message from each recipient.

    The security thing might be to prevent someone finding out that so-and-so is out, then driving to their house and ripping them off. Which seems a bit ridiculous to worry about.

  4. Hi Jon,

    The original issue with this, or the urban legend, anyway, was that you could send an email to two people, each of whom had their auto replies on, and set to respond to all. The theory was that these two other mailboxes would then start replying to each other. When the reply was received, they'd reply again, and so on, ad infinitum.

    As soon as the default rule to only reply once to each address was set, that issue disappeared though.
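
The two-mailbox reply loop discussed in the comments above, the reply-once rule that stops it, and the internal-only default quoted from the KB entry, shown as an added example that is not part of the original post or its comments. It is a simplified model, not Exchange's or GroupWise's actual logic; the `Mailbox` class, the `simulate` function and the `corp.example` domain are assumptions made for illustration.

```python
from collections import deque

INTERNAL_DOMAIN = "corp.example"   # constructed placeholder domain (assumption)

class Mailbox:
    def __init__(self, address, reply_once=True, allow_external=False):
        self.address = address
        self.reply_once = reply_once          # one auto-reply per sender address
        self.allow_external = allow_external  # False models the default quoted in the post
        self.already_replied = set()

    def auto_reply_to(self, sender):
        """Return True if an out-of-office reply should go to `sender`."""
        sender = sender.lower()
        internal = sender.endswith("@" + INTERNAL_DOMAIN)
        if not internal and not self.allow_external:
            return False                      # absence is not disclosed outside the organization
        if self.reply_once:
            if sender in self.already_replied:
                return False                  # suppress repeats, which also breaks loops
            self.already_replied.add(sender)
        return True

def simulate(mailboxes, first_sender, first_recipient, cap=1000):
    """Deliver one message, follow the auto-replies, return messages delivered."""
    boxes = {m.address: m for m in mailboxes}
    queue = deque([(first_sender, first_recipient)])
    delivered = 0
    while queue and delivered < cap:          # cap stops the unbounded case
        sender, recipient = queue.popleft()
        delivered += 1
        box = boxes.get(recipient)            # None: recipient has no auto-reply rule
        if box and box.auto_reply_to(sender):
            queue.append((recipient, sender)) # the reply is itself a new message
    return delivered

def run_cases():
    a, b = "a@" + INTERNAL_DOMAIN, "b@" + INTERNAL_DOMAIN
    # Both mailboxes auto-reply with no memory: the exchange only ends at the cap.
    looping = simulate([Mailbox(a, reply_once=False), Mailbox(b, reply_once=False)], a, b)
    # Reply-once: original message, one reply each way, then silence.
    bounded = simulate([Mailbox(a), Mailbox(b)], a, b)
    # External sender with the default setting: message delivered, no reply sent.
    external = simulate([Mailbox(b)], "jon@outside.example", b)
    return looping, bounded, external

if __name__ == "__main__":
    print(run_cases())
```
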
