Am I give spammers free hints?

OK, this is going to seem blindingly obvious, but I only just thought of it.

As you probably know, you should never reply to spam, whether it be to “get yourself removed from the list” or any other bullshit reason they concoct.

However, it is my company’s policy for us to set the “out of office” flag in Microsoft Outlook when we’re going to be absent. This means that during the absence, anyone that sends an e-mail to my Outlook account gets an automated reply. I don’t see any way Outlook would know not to reply to spammers, so am I right in thinking that by doing this, the whole time I’m away Outlook is confirming my e-mail address is valid to spammers?? (I get about 50 spam e-mails a day at my work account) :eek:

Depends, but probably yes. If the From header on the out of office message is your address, then you’re screwed. Sometimes, it will be a central company address, and then you’re probably OK, unless spammers go through return messages manually (and they might).

Ideally, you want your address to be a black hole to spam: It comes it but nothing comes back out to suggest the account’s live. If any email goes back to the spammer that identifiably comes from your account, the spammer can archive your address for sale to other spammers who buy big lists of `known good’ addresses. That increases your spam load tremendously.

When I set the “out of office” flag, I find that the replies only go to accounts in the company’s MS Exchange servers. I test my out of officeness with my own personal email and don’t get an autoreply.

Either Outlook doesn’t reply to Internet addresses, or I am doing something wrong when setting up “out of the office”.

If you have a Rules Wizard rule that deletes spam (you’ve got to write some rules to recognize it first), Outlook may not send an autoreply to the senders, I’m not sure but that’s worth a shot.

Keep in mind that a lot of spammers use faked addresses, so the auto-reply is gonna bounce, providing them with no useful information, I would think.

On a similar note to what CookingWithGas said – and I’m sorry, I don’t have Outlook on this computer – can you set your auto-reply to respond only to email originating from certain domains? Or only to adresses only in your address book? That way, you’ll respond to everyone who should know that you’re out of the office, and anyone who doesn’t get a response is someone you haven’t dealt with before or don’t deal with frequently enough and so they don’t merit an immediate response.

You’ll need to check with your Exchange administrators. How Outlook / Exchange behaves with regard to sending out “out of office” responses all depends on how the Exchange servers are configured. It’s definitely a “your mileage may vary” situation.

Here, Exchange is set up to give an OOF response to all emails, internal or external, unless the phrase “internal use only” is in the message (typically in a user’s autosig)

What’s actually happening is the OOF process doesn’t care what’s in the message, but the outbound message inspection will catch the “internal use only” phrase and kill the message without regard to whether it’s an OOF response or a regular outbound message.

Most spam seems to be sent from fake or spoofed addresses, so the autoreply may not be reaching anyone. My wife’s email got spoofed last month, and she’s been receiving hundreds of autoreplies, mostly “this message could not be delivered (because is was blocked by our anti-spam measures, you bloodsucking weasel)”

And I thought I knew Outlook/Exchange pretty well…thanks for the info.

In retrospect, the ubiquitous faking of return addresses by spammers will probably save me here, as a couple of people pointed out. I didn’t think of that. I too have had the experience of returning after an absence and seeing dozens of “unable to deliver” messages in my inbox, presumably from auto-replies sent out to spammers.

As an experiment I sent myself an e-mail from my Hotmail account - no “out of office” reply, so I’m hoping Exchange is configured to only send them to internal correspondents.

minor hijack, but relevant:
Why do I always received the same number of spam messages?

I get between 12 and 18 spams every day–never less than 11 and never more than 19! This has been constant for over a year.
One source of the spam:
I occassionally post technical questions on a newsgroup (dedicated to engineering graphics)called alt.cad.autocad. That “Alt” domain undoubtedly attracts a lot of the address-harvesters who spam me with offers of porn. (I know, it’s stupid to post there with my real email address, but I sometimes get good serious answers .)

Since my email address is “out there”, easily available, I thought that over time more and more spammers would find me, and my spam would increase. I was going to change my address, but decided it’s not necessary, because the amount of spam has stayed contant.

Why haven’t more spammers found me yet?
Are there only a limited number of spammers out there? Or it is just that I have been lucky not to have my name discovered?