Ernie the Attorney showed up in my aggregator today with a link to this BoingBoing post that pointed to this article about thieves buying up spam-lists looking for autoresponders that say "I'm out of town." We had turned off those auto-responders here, and recently had to turn them back on again, much to my amazement. I find it hard to believe that anyone would want everyone who sends them a message to know that they are on vacation or working from another office; I never use the Out Of Office notification for that reason, in the same way that I'd never change my voicemail message at home to notify telemarketers that I'm out of town for two weeks.

We are addressing that issue here in two ways. First, users who participate in our Bayesian spam filtering program will be protected from any items that the filter catches as spam, because we're changing the "reply to" address on those messages to an internal mailbox (thus preventing the OoO message from getting back to the spammer). Additionally, we looking into building an Out of Office equivalent service that allows more granular control, i.e., the notification would only fire for addresses that exist in the user's Contacts folder or for specific domains.