Skip to content


UL alert: ‘out-of-office’ autoreplies help burglars

BoingBoing, back in December, forwarded this snippet: ‘A report issued by UK-based Infrastructure Forum (‘TIF’) says spam-savvy thieves are using info from ‘out of office’ email autoresponders and cross-referencing it with publicly available personal data to target empty homes.’

Criminals are buying huge lists of email addresses over the internet and sending mass-mailings in the hope of receiving ‘out of office’ auto-responses from workers away on holiday.

By cross-reference such replies with publicly available information from online directories such as or, the burglars can often discover the name, address and telephone number of the person on holiday. Tif is advising users to warn their staff to be careful of the information they put in their ‘out of office’ messages.

“You wouldn’t go on holiday with a note pinned to your door saying who you were, how long you were away for and when you were coming back, so why would you put this in an email?” said David Roberts, chief executive at Tif. (via VNUNet)

My take on this? Bullshit.

I mean, how many house burglars (a) have the know-how to set up a fast internet connection, get hold of an addresses CD, and send a spam; and then (b) how often does a Reply-To address on a spam stay active once it’s sent — assuming it ever worked in the first place — before the ISP whacks their account? I would guess 6 hours at the most, and most spam runs wouldn’t even be halfway through by that stage (from what I hear).

Self-promoting bullshit of the highest order I reckon.

Comments closed