Email auto-replies are useful in some circumstances, but the use of this facility is not without risk. If you install an auto-reply to your Email address, please be aware of the following outcomes which you may not have considered.
The main problem associated with auto-reply systems are that they indiscriminately reply to the purported sender. Email is notoriously prone to fraud, and the sender information is frequently forged (or spoofed) by spammers, phishers, Email worms and viruses, and other ne're-do-wells. The result is that your messages could be sent to
- innocent third parties who have had their Email addresses forged;
- Email addresses that collect replies to phishing targets;
- spammers who may collect replies to confirm a working Email address;
- spamtrap addresses owned by blacklist operators -- this is a malicious attempt by an attacker to try and put a mail system onto a public blacklist to cause mail delivery problems.
- a mail domain that is a target of a denial-of service: a malicious party could generate Emails from
Such unintended replies are sometimes called "outscatter" or "backscatter"
Furthermore, even legitimate auto-replies may cause problems, such as
- mail loops: under rare circumstances, two auto-reply systems could lock themselves into a mail loop replying to each other's Email and causing one, or the other's, Email INBOX to fill up.
- mailing list: your reply notice may be sent to a mailing list yuo are subscribed to, and hundreds or thousands of other people who don't care may see your auto-replies.
There are some systems in place, both on our Email system and other mail system, that mitigate these risks:
- an efficient spam/virus filter that drops Email before they can be responded to;
- a sender tracking system that limits auto-replies to a particular Email address to (default) once per day.
- mail loop detectors;
- most blacklist operators are aware of unintentional auto-replies and will consider that before adding to a blacklist;
However, you can further reduce the risk of unintended consequences by
- realistically assessing the nature of Emails you receive and evaluating whether it is of enough importance to necessitate an immediate auto-reply (as opposed to dealing with the Email when you can get to it).
- Using some other mechanism such as Email forwarding or web notice to disseminate your intended notice.
- narrowing the scope of when auto-replies are invoked, such as only during the times when it would be useful, or only to certain senders. Contact the IT staff on how you can achieve this.
- recognizing special circumstances that would make an auto-reply system risky (target of much spam or many mailing lists) and weighing those factors against the benefits of installing an auto-reply.