One of the great things about email (versus snail mail) is that you can respond instantly. The downside is that people expect you to respond instantly. (This expectation is so common that there seems to be at least one person in every office who sends an email and immediately either calls you or visits your desk to see if you got it.) The Out of Office auto reply was invented to remind people that, hey, not everybody is connected all the time. It’s such a widely-used feature of most email clients, it’s considered rude to not use it. But, as with every good thing, the bad guys are threatening to spoil it. Cyber security experts are warning that the information contained in your Out of Office reply can be exploited by spammers and other scam artists. Don’t believe me? Think about all the information that is typically contained in a Out of Office auto response:

  • You are out of the office
  • You are out of town (translation: your office and/or home are unattended)
  • How long you will be gone
  • The name of your assistant or someone else authorized to handle your business in your absence

You may think this is fairly innocuous information. But in the hands of someone intent on exploiting the unsuspecting, this is just enough information to pull off a scam. Think about it. If your assistant received a call from someone masquerading as your hotel’s concierge and asking for a credit card number to charge your event tickets to, how confident are you that your assistant wouldn’t hand it over? For this reason, some security experts recommend forgoing Out of Office altogether. While that may be your safest bet, it might not be terribly practical. The trick will be finding a balance between security and keeping important people informed. With that in mind, here are some suggestions on how to configure Microsoft Outlook’s Out of Office auto reply to keep your law practice running smoothly and safely.

Out of Office: The Basics

The Out of Office feature in Microsoft Outlook is not available to every Outlook user. Only those who are sending and receiving their email via an Exchange Server can use this feature. The reason for this is fairly simple: if you’re out of the office, chances are your computer is off and Outlook is not running. In your absence, Exchange Server will still be able to process mail into your inbox and send auto replies. (Even without Exchange Server, you can emulate some of the features of Out of Office, but it will require that you use the Rules feature and leave your computer and Microsoft Outlook running while you’re away.) To set up Out of Office, go to the File tab in Outlook 2010 or 2013 and click on Automatic Replies. (In earlier versions of Outlook, the Out of Office Assistant is found under Tools on the menu bar.) The Automatic Replies dialog box is organized into two sections. The top third of the dialog box is where you turn Out of Office on and off. When Out of Office is turned off, the radio button next to “do not send automatic replies” is selected. If you click “send automatic replies,” this turns Out of Office on. If you want to have automatic replies sent until you get back into the office and can turn Out of Office off manually, leave the check box next to “only send during this time range” unchecked. If you want automatic replies to turn off automatically at a certain date and time, however, use the start time and end time boxes. The bottom two thirds of the dialog box allows you to customize the outgoing message. Notice there are two tabs in this section. This means you can send a more descriptive message to people inside your firm (for example, including your hotel or other itinerary information) and send a shorter message (or none at all) to senders outside your firm.

Thwarting Spammers

One of the most basic dangers of the Out of Office reply is that it confirms to every sender they’ve hit a working email address. For spammers, this is valuable information. It lets them know that they (or anyone they sell your address to) that continuing to send email to that address won’t be entirely in vain. But part of the reason you want to turn your Out of Office reply on is to let important people (including clients and others outside your firm) know not to expect an immediate response. The Outside My Organization tab allows you to set an automatic reply to people who are outside your firm but only if their email address is found in your Outlook Contacts list. Simply select the radio button next to “My Contacts only” and random senders like spammers won’t get your Out of Office reply. Those with whom you correspond often enough to keep their information in your Contacts list, though, will. This has the added bonus of preventing your Out of Office reply from going to every single one of the hundreds or thousands of people on the same email listservs you are subscribed to.

Out-of-Office Alternative: Autoforward

If you’re sufficiently spooked by the prospect of spammers and other scam artists misusing your Out of Office reply, here’s one suggestion: instead of setting up a response to be returned to whoever is emailing you, use Rules to forward their message automatically to someone in your office for handling. This could be especially useful if you have an active client who may have an emergency while you’re at that out-of-town CLE. As long as you can specify the email addresses (or even the email domains) of those whose messages you want handling your absence, Automatic Reply Rules will help ensure they get the attention they need without compromising your security. To set this up, click the Rules button in the lower left-hand corner of the Automatic Replies dialog box. Click Add Rule in the Automatic Reply Rules dialog box: Out-of-Office-5 Here, you’ll be able to specify which messages should receive special handling according to a number of criteria. Probably the easiest to manage will be messages from particular senders. For example, you could click the From button and choose one or more entries from your contacts list, then check the Forward checkbox and specify your assistant’s or law partner’s email address by clicking the To button. Out-of-Office-6

For Security’s Sake, Make a Decision

Regardless of how you choose to deal with the Out of Office situation, don’t just use the default “reply to all” settings and let it go at that. Take the time to find the balance between security and responsiveness that works for your law practice. You could choose one of the options above, or you may come up with a better solution after consulting with your IT person and your law partners. Featured image: “N is for Neil the Nonce having a cup of char” by Eric is licensed CC BY-NC-SA 2.0.