Recent bad results of auto-forwarding have caused our organization to turn this ability off. The trouble with an auto-forward rule is it causes email loops that can take down your mail server very quickly. We had this happen to us 3 times in one month and turned that option off for the organization as a result. Plus we do not approve of sending company emails to non-company accounts because of personal and corporate info that can be compromised not only for employees but also for customers.
The auto-forwarding email loop server disaster is a concern other members have brought up as well; just one of the many examples of why these sorts of risks should be part of educating end users. Even the most innocent-seeming action – forwarding email for more efficient and accessible work – can backfire and set an operation back.
Thanks for sharing!
It’s not just auto-forwarding that can be an issue but auto-replies. A user of one mailing list I subscribed to had an out-of-office reply set up. This is not necessarily a bad thing. However, the user is a member of a government agency with a three-letter acronym for a name. The out-of-office message said how long the user was going to be out of the office and the full contact information for at least one other employee of the same government organization. This gave a potential phisher/attacker a lot of information to use for a social engineering attack.
I would highly recommend that users reconsider any out of office auto-replies and whether they need to include any specific details in that message. I sure did after seeing the out of office autoreply in this case.
That’s definitely something I never considered. It’s surprising to me how the most innocuous-seeming things (such as the amount of information in an auto-reply) create the biggest, most preventable vulnerabilities, usually because they get overlooked when addressing bigger threats.
Email has become such a pillar of doing business (both internal and external); hopefully it’ll get the attention it deserves when crafting security policies in the enterprise.
Thanks again for joining the discussion, Technochic & Labnuke! I’ll be adding 200 knowledge points to your scores for taking part.