[Dshield] Exchange Open Relay

David Taylor ltr at isc.upenn.edu
Sun Mar 5 18:15:59 GMT 2006


>
I do not understand why you would object to some one monitoring your email
while you are on vacation.  So what good does it do to have a customer get
an
out-of-office message when they want to do business with your company while
you
are on vacation?
<

There are a lot of reasons I don't want someone to monitor my email for me
while on vacation.  Privacy is one (which is a big thing at a lot of
universities). The good that an out of office message to one of my customers
is letting them know that I am not in the office. "I will read your email
when I get back.  If this is urgent please contact blah at blah". It is too bad
that people use OoO to send spam but I don't think that this should label
all OoO as spam.  

As far as SPAM goes I think it was originally supposed to mean bulk
unsolicited messages.  It seems the definition has changed a bit in recent
years. Maybe there should be a new term used to describe unsolicited
bounces/OoO. With all the email I get in my inbox from being in a University
security office I rarely get OoO messages.  Maybe I just don't see it as
being a big problem.

http://en.wikipedia.org/wiki/Spam_%28electronic%29
"Spamming is the abuse of any electronic communications medium to send
unsolicited messages in bulk."

==================================================
David Taylor //Sr. Information Security Specialist
University of Pennsylvania Information Security 
Philadelphia PA USA
(215) 898-1236
http://www.upenn.edu/computing/security/
================================================== 

SANS - The Twenty Most Critical Internet Security Vulnerabilities 
http://www.sans.org/top20/

SANS - Internet Storm Center
http://isc.sans.org

irc.freenode.net #dshield
http://freenode.net/



-----Original Message-----
From: list-bounces at lists.dshield.org [mailto:list-bounces at lists.dshield.org]
On Behalf Of Abuse
Sent: Saturday, March 04, 2006 9:45 PM
To: General DShield Discussion List
Subject: Re: [Dshield] Exchange Open Relay


** Reply to message from "David Taylor" <ltr at isc.upenn.edu> on Sat, 4 Mar
2006
15:18:10 -0500

> Out-of-office should only be used internally within a company.  If you
> can not guarantee to not spam anyone using out-of-office then do not use
it
> to
> external sources.  If you can not guarantee to not send an out-of-office
> message to a mailing list then do not use it to external sources.
> 
> 
> I don't think there is a lot you can 'guarantee' on anything nowadays...

Right!  That is why I think that spamcop is correct in listing spam sent via
out-of-office messages.  Also why I think out-of-office messages should only
be
used internally within a company.


> I don't agree with OoO messages being only used internally.  If I go on
> vacation I need to let people know that I am Out of the Office.  Why is
this
> only supposed to be used for internal situations?  I don't understand
that.
> How can you get by this?  I have no idea.  If I go on vacation I do NOT
want
> other people on my team to access and mange my email while I am gone.  I
do,
> however, want to let people know that I am out of the office if they send
me
> an email.

I do not understand why you would object to some one monitoring your email
while you are on vacation.  So what good does it do to have a customer get
an
out-of-office message when they want to do business with your company while
you
are on vacation?


> I'm really pissed off at SPAMCOP for accepting out of office responses as
> SPAM.  I think they are going a bit too far with this.

Why do you think I like to get out-of-office spam sent to me?  I get enough
spam sent directly to me without someone else sending me more spam via an
out-of-office message.
_________________________________________
Learn about Intrusion Detection in Depth from the comfort of your own couch:
https://www.sans.org/athome/details.php?id=1341&d=1

_______________________________________________
send all posts to list at lists.dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list




More information about the list mailing list