Weâve survived another holiday season. With the season comes vacation, and with vacations come the âvacation auto-responderâ, also known as the âout of officeâ reply.
The evil âout of office replyâ.
Evil? Yep. Iâll explain why.
Become a Patron of Ask Leo! and go ad-free!

- Out-of-office messages have best practices.
- When those best practices arenât followed, out-of-office messages can annoy others.
- Out-of-office messages can reveal your vulnerabilities.
- Out-of-office messages can confirm your email address to spammers.
Out-of-office done right
OOFs can be useful if two important conditions are met:
- The automated reply is sent to each sender exactly once, no matter how many times they send email.
- The automated reply is never sent to mailing lists.
For some companies, thereâs a third rule:
3. The automated reply is never sent outside the company.
Iâll also add a fourth rule Iâll simply call a âbest practiceâ:
4. The automated reply is sent only to people in your address book.
If those conditions are all met, you may be able to use OOF replies safely.
If not, you run the risk of being evil.
Breaking the rules
If rule #1 is broken, you annoy everyone who needs to send you more than one email while youâre away. No matter how many they send, theyâll get your automated response again and again.
If rule #2 is broken, depending on how the mailing list is configured, your automated reply will go either to the person who sent a message to the list (whether or not he or she knows or cares about you), or possibly to everyone on the mailing list.
If both rules #1 and #2 are broken, then every message to a mailing list may cause your out-of-office message to get sent again and again and again, flooding the mailing list.
If rule #3 is broken, you may share company information with those who neednât or shouldnât have it.
If rule #4 is broken, then you donât know who youâll have informed of your absence. That, as it turns out, can have unwanted side effects. By sending an out-of-office reply to anyone who emails you, you may tell a random stranger youâre away, and open your home to a burglary.
On top of that, youâve probably also replied to spam that wasnât caught by a spam filter, thus validating your email address to the spammer. The result: youâll likely get a lot more spam.
My take-away
My take is simple: unless you can follow the four rules or best practices listed above, OOF messages are a good idea that have gone horribly, horribly wrong 99% of the time.
And, honestly, most of the time an out-of-office reply isnât needed anyway.
Do this
Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.
I'll see you there!
The OoOF of Lotus Notes works the right way. You can opionally set it to respond to only internal email, i.e., donât respond to email originating outside the company (e.g., SPAM, newsletters, etc.) so it notifies co-workers once. Sadly, Outlook doesnât have that feature so you canât keep OoO Message internal and thus, the feature is not very useful.
Many years ago a mail storm occurred on our mail server for the exact reasons cited in Leoâs article.
The lead engineer on our program had activated an email rule to forward all messages he received to the entire engineering staff when the subject line of the message contained certain key words. That produced an out-of-office reply from one of the recipients of the auto-forwarded message, which induced another auto-forward to the engineering distro list, which induced another OOO reply. The ensuing mail storm took down the server.
This is called a âmail loop,â and thereâs no need to explain its hazards â you found them out firsthand!
Configuring your âOOFâ to reply only once to any given sender, as Leo recommends (or, alternatively IMHO, no more often than once in every 24 hours) should suffice to prevent this sort of thing from happening.
Couple years ago I was out for surgery and decided to forward my Notes mail from work to my home email. Used my personal address shortcut for my home email address. Notes âautocompletedâ my name and forwarded all of my mail to an employee at our installation in France. MONTHS later I was copied on an email from her supervisor to our corporate IT folks, asking who I am and why am I forwarding so much email to her. Donât I feel like a dope. She got a chuckle when I explained it, I felt so bad for her. Never used oof again.
Iâm not sure of the âsend-only-ONCEâ rule, because people may have forgotten the original response, or might wish to check whether you are STILL out. An alternative might be to set the thing up to send a response to any given recipient no more often than once in 24 hours. This will kill any mail loops, but will still provide functionality.
Interestingly, the ancient Unix âvacationâ command (remember that?) provided this functionality, with a little fudging. :)
A further issue with OoOâs is that all too often, thereâs never ANY follow-up to oneâs original enquiry â which drives me nuts! It seems that when the suntanned OoO originator gets back from the Bahamas, he simply bins all the emails that piled up while he was away â apparently assuming a bot (or the fairies?) sorted it all out in his absence. Whatever happened to common courtesy in business?
Follow on to my Oct 2005 comment, apparently Exchange 2007 and Outlook 2007 will now do what Notes did years ago, have the option to only send OoO internally. Havenât used it yet (weâre still Exchange 2003) but at least thereâs hope.
ââBEGIN PGP SIGNED MESSAGEââ
Hash: SHA1
Geoff: I think that particular aspect of common courtesy
gets lost in the email-overload that often piles up while
people are away from the office. I know once I get an OOF I
*assume* that the person did NOT get the message and that
itâs on me to resend some time after they return.
Leo
ââBEGIN PGP SIGNATUREââ
Version: GnuPG v1.4.7 (MingW32)
iD8DBQFIWXI4CMEe9B/8oqERAvwAAJwIEBua8e6WZRTBW61jkIbBiwLtJwCfWLB9
tGgn+9iX4EvuHBqCFJqw+BU=
=Zill
ââEND PGP SIGNATUREââ
Exchange 2003 SP2 has the functionality to only send internally. We use have that setting enabled. Itâs located under Global Settings -> Internet Message Formats -> Advanced. Uncheck âAllow out of office responsesâ
I have never understood why the out of office assistant canât simply only reply to emails that successfully make it through my spam filter. Out of office assistant seems to reply to any and everything.
âOut of office â evil? Perhaps.
Annoying â certainly.
For some unknown reason my pc sends a random response to people who have e-mailed me telling them I am away until Sept. 1st. I wish I was but what can I do to rid myself og this?
10-Feb-2011
I disagree with Rule One, but have my own personal variation:
Rule 1: It should be arranged that no âVacationâ reply message (you call it an âOut Of Officeâ message) will ever be sent more often than once in every 24 hours (and the message itself should explicitly say so).
Rationale: People can be forgetful and need reminding, or they may simply wish to check whether you have yet returned (either early or late); thus, provision should always to be made for senders to receive subsequent âVacationâ reminders should they seek them. A significant delay, however, IS most certainly ABSOLUTELY NECESSARY in order to prevent a possible mail loop â THAT would be most TRULY Evil!!!
I absolutely and heartily agree with Rule Two, but it can be difficult to implement.
Not replying to Spam can be prevented with good Spam filters â if Spam is filtered out before it reaches your Inbox, it will never be replied to (automatically or otherwise)!
Unix users have a âvacationâ command that easily implements my variation of Rule One, (and only replies to messages that entered then Inbox, so Spam filters would be effective); but it leaves Rule Two completely out in the cold. Some other (temporary) âfilterâ would be necessary to block newsletters.
Is the receipt check also bad?
No, but it isnât as useful as you might hope, because the person receiving the email has to confirm that they want to send the receipt. Many choose not to. I personally block the requests before they even before it gets to me.
If by âbadâ you mean âpointlessâ â yes.
Not really pointless in a large office environment. Look at from the perspective of a manager, managing dozens of people. The manager sends hundreds of emails on different topics to many people and needs to track of responses and acknowledgements. The read receipt is required and it helps check off who bothered to open an email (although they may not have actually read it). If some task is not performed with the claim that âI didnât knowâ, there are different actions that can be taken for not opening the email or opening the email and not reading it. Conversely, when I get an email, but I cannot respond to it promptly, I may deliberately open the email to sent a read receipt as an acknowledgement and then mark the email as unread so I can track it and follow up later. I also save the read receipts so that when someone says I never got your email I can provide the receipts as evidence. These methods work not just with employees, but also with contractors and clients. Think big and donât just rely on your memory.
I was the Operations Manager for an international company, in my absence my deputy took my Emails. If you really think that it is imperative that others know that you are absent I suggest that you take a reality check.
Our company pretty much follows rules 1-3. That makes 4 a moot point. If someone from within the company wants me to respond, they get my message saying when I am out, when I will return, who they can contact for some things, and if I will check mail occasionally.
Barry â your statement only works for executives that have deputies that will answer their mail. Most of us do not have that luxury.
If you use OOF in a company, then rule 3 would apply, if you are an individual and correspond with customers, for example, then rule number 4 would apply. In a way, itâs an either/or situation with rules 3 and 4.
Bill â totally agree with your reply to Barry. Small companies often only have 1 person doing 1 particular job. In addition, I agree with the entire article except the last sentence, stating that OoOâs are normally not needed, again for the same reasons.
Thereâs one more problem which can result from violating rule number 1. A colleague of mine is required to use OOF responses. One day she came home after a weekend to find over 30,000 emails in her inbox. The person who wrote the original email was also using an OOF autoresponder and the autoresponders played OOF tennis all weekend. :-)
The Mail Loop strikes again!
At the accounting firm I support, clients expect a quick response to email during the working day. If they are ignored, they will start looking for a new accountant. And there are no secretaries. OOO is required.
Ditto. OOO reply wasnât meant for personal users. When you work in a big organization, with offices in many cities, perhaps in several countries, youâre not going to call everyone to tell them youâll be gone. And if you donât cover yourself with an OOO reply, all hell will break loose with clients and contractors. Of course, the other alternative is to take your device on vacation and respond to emails on the beach.
For any company that respects their clients, vendors, potential clients,,, OOO replies are a MUST. You cannot limit OOO replies only to within company or your mailing list unless you are prepared to miss on important business inquiries. Remember when you sent an mail and did not get timely reply? Were you upset? Anointed? So will be others. My suggestion to modify rule 1: sent one OOO, but one per day. On top of that â if you can do this securely â and OOO notwithstanding, do check your emails occasionally when you are away and reply those that need a prompt reply.
Leo, you wrote:
âBy sending an out-of-office reply to anyone who emails you, you may tell a random stranger youâre away, and open your home to a burglary. â
Leo, donât be silly! To do a burglary, theyâd need to know your PHYSICAL address, not just your E-Mail address. (OTOH, if youâre stupid enough to include your physical address in an autoresponse message, you deserve whatever you get.)
Iâm not being silly. Home addresses are often (though not always) fairly easy to come by.