Autor: Alan J. Flavell Data: A: Exim users list Assumpte: Re: [exim] Return reciept on forward
On Wed, 28 Dec 2005, Richard Clayton wrote:
> Well, you could simply disable all automated vacation response
> systems for your users...
Point taken, but we have several very senior users who would not stand
for that.
> In this day and age, very few people indeed are away from their
> email for more than a couple of days at a time, so there is seldom a
> real need for such systems.
One of our key users had to be away for 3 months unexpectedly: there
was a clear need to inform anyone trying to contact her on business
that they should contact someone else. Merely forwarding her email to
a substitute was unacceptable, as it could have compromised personal
emails to her which weren't meant to be read by third parties.
I myself had to be away from email for 3 weeks, and anyone trying to
catch my attention, for the various duties which I perform, needed to
be redirected. Although I'm now, obviously, in email contact, I'm
still unable to perform many of my normal duties, so there's still a
vacation response directing the plaintiffs to appropriate backup
staff.
Now, you'd be entitled to say they ought to have used role addresses,
which could be switched to the people who are currently performing
these duties. But we have not pursued that policy aggressively, and
many of my users know that I am the (normal) person to carry out the
actions, so they address me personally.
> After a few moans, the facility would not be missed.
As I say, some users of ours who are in a powerful position would not
stand for that.
> I get dozens of responses a day of this type (because spammers forge
> my identity) -- they are second only to challenge-response as a
> source of back-scattered annoyance. I trivially reject the rubbish
> that has a null sender [no stats available on how many that might
> be],
You'll have added one by addressing me personally ;-}
> -- and most of these turn out to contain detailed
> personal information (or company secrets about hierarchies, co-workers
> etc) that the security team would probably despair of, should they
> become aware of the information leakage and the potential for social
> engineering :( [see Mitnick, Art of Deception, for the risks]
Agreed. My response was composed with half an eye on that aspect of
the problem, indeed.
> Anyway, when was the last time you changed your plans because of a
> vacation message that you received ?
So far, all of my bona fide users had already followed the alternative
instructions contained in my vacation response, by the time that I got
back to email and contacted them in person.
> Removing vacation message supporting features would simplify Exim's
> code base :) remove a source of loops and reduce the documentation
> set. Sounds like a win to me!
D'accord, but, as I say, impractical for us (I'm speaking for the
departmental/faculty mail server, not for the campus central server,
which may have its own policy).
