We’ve survived another holiday season. With the season comes vacation, and with vacations come the “vacation auto-responder”, also known as the “out of office” reply.
The evil “out of office reply”.
Evil? Yep. I’ll explain why.
Become a Patron of Ask Leo! and go ad-free!
- Out-of-office messages have best practices.
- When those best practices aren’t followed, out-of-office messages can annoy others.
- Out-of-office messages can reveal your vulnerabilities.
- Out-of-office messages can confirm your email address to spammers.
Out-of-office done right
Out-of-office replies, often termed OOF for “out of facility,” are automated email replies you can configure your email program or service to send on your behalf when you are out of the office, on vacation, or just not planning on responding to email in a timely fashion. The automated response says something like, “I’m out of the office this week and not checking email”.
OOFs can be useful if two important conditions are met:
- The automated reply is sent to each sender exactly once, no matter how many times they send email.
- The automated reply is never sent to mailing lists.
For some companies, there’s a third rule:
3. The automated reply is never sent outside the company.
I’ll also add a fourth rule I’ll simply call a “best practice”:
4. The automated reply is sent only to people in your address book.
If those conditions are all met, you may be able to use OOF replies safely.
If not, you run the risk of being evil.
Breaking the rules
If rule #1 is broken, you annoy everyone who needs to send you more than one email while you’re away. No matter how many they send, they’ll get your automated response again and again.
If rule #2 is broken, depending on how the mailing list is configured, your automated reply will go either to the person who sent a message to the list (whether or not he or she knows or cares about you), or possibly to everyone on the mailing list.
If both rules #1 and #2 are broken, then every message to a mailing list may cause your out-of-office message to get sent again and again and again, flooding the mailing list.
If rule #3 is broken, you may share company information with those who needn’t or shouldn’t have it.
If rule #4 is broken, then you don’t know who you’ll have informed of your absence. That, as it turns out, can have unwanted side effects. By sending an out-of-office reply to anyone who emails you, you may tell a random stranger you’re away, and open your home to a burglary.
On top of that, you’ve probably also replied to spam that wasn’t caught by a spam filter, thus validating your email address to the spammer. The result: you’ll likely get a lot more spam.
My take is simple: unless you can follow the four rules or best practices listed above, OOF messages are a good idea that have gone horribly, horribly wrong 99% of the time.
And, honestly, most of the time an out-of-office reply isn’t needed anyway.
If you found this article helpful, I'm sure you'll also love Confident Computing! My weekly email newsletter is full of articles that help you solve problems, stay safe, and give you more confidence with technology. Subscribe now and I'll see you there soon,