Security Incidents mailing list archives

Re: Administrivia: Good mailing list social graces.


From: Leif Ericksen <leife () dls net>
Date: Fri, 18 Mar 2005 12:59:14 -0600

Clap, Clap, Clap...

I see two main issues with the auto responders letting people know that
the recipient is away on vacation or out at a conference while
subscribed to the list.  This can be used as a form of social
engineering, or worse.  As stated, it can give alternate contacts or
points of access into your company. 

Yes, the flood of emails is bothersome and I just delete them.  However,
when I get some that are written in a language other than English I have
to look at it carefully and decide if it is spam or not.

Another point to consider is how good is the security system at your
home?  Yes, I said your home.  If your name is in a phone directory or
some other directory, what is the likelihood that you could be targeted
for a burglary?  I will admit that saying somebody might use the list to
determine whose home to go and burglarize, but being security conscious
requires a certain level of paranoia.

Bottom line: it only takes a few moments to un-subscribe/subscribe to the
list so if your auto responder does not allow you to ignore the list,
you should remove yourself from the list.

Those are just my thoughts on the matter.

Now where are my burglary and let's see how many auto responses I get that
are close enough to make it worthwhile!  J/K  but I hope that it makes
a point.

--
Leif Ericksen


On Thu, 2005-03-17 at 10:06 -0700, Daniel Hanson wrote:
I've posted some guidelines like this before, apparently I have to do it
again.

Leaving auto-responders on mailing list messages is not good social
behaviour. One or two auto-responses may not seem to be a huge problem,
but when a contributor to the list receives a mass of auto-response
messages, it dissuades the person from posting in the future.

We have over 10,000 subscribers; if 1% of them have auto-responders, that
is 100 messages. Do you like receiving 100 unsolicited messages in a 10
minute period in the middle of your work day?

Perhaps someone seeking assistance or advice won't be dissuaded by this
flood of email, but the people who reply and try to help (we have some
frequent contributors that do this an awful lot, thank you to all of you),
are a lot less motivated to put up with this.

Yet again, someone forwarded me an auto-reply that resulted because some
lazy site administrator decided to send all security mailing list traffic
to a customer care email address that auto-replies to EVERY POST ALL THE
TIME.

As I have done before, and will continue to do, I will unsubscribe
addresses that do this. People on this list should be interested in making
the Internet a safer and more useable place; auto-replies because you are
too lazy to turn them off for mailing lists is not the way to do this.

As an aside, for all you corporate security administrators who seem to use
your vacation messages when you go away to conferences... If I were
interested to find the lazy administrators, and target the most lucrative
companies, I would pick a conference like blackhat or CanSecWest, send an
email to the list, and see who's away at the conference, and who
"concerns" should be addressed to while that person is away.

D
-- 
Leif Ericksen <leife () dls net>

