Auto-Reply: Convenient or Catastrophic? The Hidden Dangers Revealed

Convenient or Catastrophic?

So, you’re headed off for a well-deserved vacation. All your cases are covered. All loose ends are tied up. You start to turn off your computer – but before you do, you remember to leave an out-of-office auto-reply email message.

Smart move, right? Maybe not.

Cyber-security experts urge caution when using email auto-reply. They say it gives hackers and scammers too much personal information – and it might even open doors for them to sneak in while you’re gone.

Why Hackers Love Auto-Reply

Consider the following sample email auto-reply message:

Thank you for contacting me. Please be advised that I will be out of the office from March 3 through March 7, attending a cyber-security conference in Concord. I will not be checking my email during this time. If this is an urgent matter, feel free to contact my assistant, Sally McBeal, directly at 800-421-7151 or

Just by reading your auto-reply, cyber criminals will acquire a lot of personal information about you and your whereabouts. For instance, they now know:

  • You are not in the office.
  • You are not even in town – you are in Concord.
  • You will be gone through March 7.
  • Your assistant is Sally McBeal.
  • Your assistant has at least some authority to conduct business in your absence.
  • Your assistant has a direct phone line and a separate email address.

Imagine the nefarious ways a naughty person might use this information.

The most important information spammers receive from an auto-reply is proof of an active and functioning email account. Once they have this in hand, you become a target for future spam and phishing schemes. Your email address might be shared or sold on the black market.

Ways to Avoid Trouble

There are two principal dangers in auto-reply messaging: (1) you have no control over who sees the message, and (2) you have no control over what they do with its contents.

Here are some ways to side-step the danger:

  1. Come up with an office policy. Make sure everyone is on the same page. Prepare and implement a security policy or user agreement, so users know the company policies with regard to protecting information. The policy should note what information can be divulged in an out-of-office notification.
  2. Report suspicious behavior. Alert everyone in the office to potential holes in the system.
  3. Don’t drop names unnecessarily. A thief who knows not only your name but also the name of your trusted assistant – and perhaps the name of the city, hotel and conference you are attending – can cause mischief.
  4. Less is more. Be vague in your out-of-office message. Very vague. Leave the details for direct communications.
  5. Use different messages. If possible, use one message for internal responses and another for emails from contacts outside the office.
  6. Block potential spam. Ask your IT manager to configure your account so it either blocks messages from Internet addresses or does not reply to them.
  7. Reply only to trusted sources. Configure your account so that it only sends an auto-reply to specified clients, members of a user group or those who are on your contact list.
  8. Remove your email signature from the auto-response. This seemingly harmless detail is packed with information that can be used by scammers.

And finally, make sure those who are in the office know how to reach you if red flags pop up while you are away. This assures immediate, direct action to deal with problems before they explode.
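Tips 5 through 7 amount to a decision the mail system makes for every incoming message. The sketch below is an added example, not part of the original article; the domain, contact list and reply texts are assumed placeholders, and the automated-mail header checks (following RFC 3834) go beyond the article's list to avoid confirming a live mailbox to bulk senders.

```python
from email import message_from_string
from email.utils import parseaddr

INTERNAL_DOMAIN = "example.com"          # assumption: your organization's domain
CONTACTS = {"client@partner.example"}    # assumption: trusted-sender list (tip 7)

# Both replies follow tip 4: no dates, places, names or signature.
INTERNAL_REPLY = "I am out of the office. Please see the team calendar for coverage."
EXTERNAL_REPLY = "I am currently unavailable and will respond as soon as I can."

def choose_auto_reply(raw_message: str):
    """Return the reply text to send, or None to stay silent."""
    msg = message_from_string(raw_message)

    # Never answer automated or bulk mail: a reply proves the mailbox is live.
    if msg.get("Auto-Submitted", "no").strip().lower() != "no":
        return None
    if msg.get("Precedence", "").strip().lower() in {"bulk", "junk", "list"}:
        return None
    if msg.get("List-Id") or msg.get("List-Unsubscribe"):
        return None

    sender = parseaddr(msg.get("From", ""))[1].lower()
    if "@" not in sender:
        return None
    domain = sender.rsplit("@", 1)[1]

    # Assumption: the mail gateway already rejects outside mail that forges
    # the internal domain, so the From domain can be trusted at this point.
    if domain == INTERNAL_DOMAIN:
        return INTERNAL_REPLY            # tip 5: separate internal message
    if sender in CONTACTS:
        return EXTERNAL_REPLY            # tip 7: known contacts only
    return None                          # tip 6: no reply to unknown senders

def sample_mail(sender, extra_headers=""):
    # Constructed sample message, not real traffic.
    return f"From: {sender}\n{extra_headers}Subject: hello\n\nbody\n"

if __name__ == "__main__":
    for m in (sample_mail("Bob <bob@example.com>"),
              sample_mail("client@partner.example"),
              sample_mail("stranger@unknown.example"),
              sample_mail("client@partner.example", "Precedence: bulk\n")):
        print(choose_auto_reply(m))
```
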


WAMS, Inc.
