In two recent blog posts (The Risks of the Out of Office Notification and Other Risks from Automatic Replies) we discussed the possible threats from automatic email replies. Out-of-office notifications, read receipts and non-delivery receipts all leak information about an organization, and that information can then be exploited. So what can administrators and users do to deal with this threat and help secure their environment?

While we have always stressed the importance of user education, in this particular case it should be reinforced with strong server-side settings. There’s no reason to rely only on user settings, which can be (and frequently are) set improperly.

Enterprise email servers have fairly granular control over whether out-of-office notifications are sent. A good practice is to limit out-of-office notifications to recipients within the organization. If external parties need to receive these notifications, they can be whitelisted as necessary; the default, however, should be that out-of-office notifications are not sent to external parties.

Similarly, email servers can be configured so that bounce messages are not sent externally. Just as importantly, bounce messages should not contain significant amounts of the original message: if they do, they can be used in spam attacks. (RFC 3834 explicitly makes this recommendation.)

As for read receipts, again we recommend that they not be sent externally. This can be done by stripping the Disposition-Notification-To header on all incoming messages; this ensures that no read receipt will be sent to a potential attacker while keeping the feature intact for internal email.
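The three server-side controls above (out-of-office only to internal or whitelisted senders, no bounces to outsiders and no quoted original in a bounce, and the Disposition-Notification-To header stripped from external mail) are shown together below as an added example in Python. This is illustration code written for this page, not Trend Micro's or any mail server's own code; in production these rules live in the mail server's configuration (for example a remote-domain policy or a header-rewriting rule in the MTA). The domain names, the INTERNAL_DOMAINS and OOF_ALLOWLIST sets, the MAILER-DAEMON address and the two sample messages are all constructed for the example. The RFC 3834 check that suppresses replies to mail marked Auto-Submitted or with a bulk/list Precedence goes slightly beyond the text, but is the standard guard that keeps auto-replies from looping.

```python
"""Policy checks for automatic email replies (added example, not Trend Micro code)."""
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import formatdate, parseaddr

# Constructed for this example: the organisation's own domains and the external
# domains explicitly allowed (whitelisted) to receive out-of-office notifications.
INTERNAL_DOMAINS = {"corp.example"}
OOF_ALLOWLIST = {"partner.example"}


def parse(raw):
    """Parse an RFC 5322 message string into an EmailMessage."""
    return message_from_string(raw, policy=policy.default)


def sender_domain(msg):
    """Lower-cased domain of the From address ('' if it cannot be parsed)."""
    _, addr = parseaddr(str(msg.get("From", "")))
    return addr.rpartition("@")[2].lower()


def is_internal(msg):
    return sender_domain(msg) in INTERNAL_DOMAINS


def is_auto_generated(msg):
    """RFC 3834 guard: never auto-reply to mail that is itself automatic or bulk."""
    auto = str(msg.get("Auto-Submitted", "no")).strip().lower()
    prec = str(msg.get("Precedence", "")).strip().lower()
    return auto != "no" or prec in {"bulk", "list", "junk"}


def oof_allowed(msg):
    """Out-of-office replies go to internal senders and allow-listed domains only."""
    if is_auto_generated(msg):
        return False
    domain = sender_domain(msg)
    return domain in INTERNAL_DOMAINS or domain in OOF_ALLOWLIST


def sanitize_inbound(msg):
    """Strip read-receipt requests from external mail so no receipt can leak outward.

    Internal mail keeps the header, so read receipts still work inside the organisation.
    """
    if not is_internal(msg):
        # Removes every occurrence; does not raise if the header is absent.
        del msg["Disposition-Notification-To"]
    return msg


def build_bounce(original, failed_rcpt, reason):
    """Bounce only to internal senders, quoting a few headers but never the original body."""
    if not is_internal(original) or is_auto_generated(original):
        return None
    bounce = EmailMessage()
    bounce["From"] = "MAILER-DAEMON@corp.example"  # constructed postmaster address
    bounce["To"] = str(original["From"])
    bounce["Subject"] = "Undelivered Mail Returned to Sender"
    bounce["Auto-Submitted"] = "auto-replied"  # RFC 3834 marker: nobody should auto-reply to this
    bounce["Date"] = formatdate(localtime=True)
    bounce.set_content(
        f"Delivery to <{failed_rcpt}> failed: {reason}\n"
        f"Original Message-ID: {original.get('Message-ID', '<unknown>')}\n"
        f"Original Subject: {original.get('Subject', '')}\n"
    )
    return bounce


# Constructed sample messages: one from outside asking for a read receipt,
# one from a colleague doing the same.
EXTERNAL_MAIL = """\
From: Mallory <mallory@outside.example>
To: bob@corp.example
Subject: Quick question
Message-ID: <1001@outside.example>
Disposition-Notification-To: mallory@outside.example

Is anyone reading this mailbox?
"""

INTERNAL_MAIL = """\
From: Carol <carol@corp.example>
To: bob@corp.example
Subject: Budget sheet
Message-ID: <42@corp.example>
Disposition-Notification-To: carol@corp.example

Attached as discussed; please confirm receipt.
"""

if __name__ == "__main__":
    for raw in (EXTERNAL_MAIL, INTERNAL_MAIL):
        msg = sanitize_inbound(parse(raw))
        print(sender_domain(msg), "oof:", oof_allowed(msg),
              "receipt header kept:", msg["Disposition-Notification-To"] is not None)
    print("bounce to external sender:",
          build_bounce(parse(EXTERNAL_MAIL), "nobody@corp.example", "user unknown"))
```

Run as a script it prints that the external sender gets no out-of-office reply, loses the receipt header and gets no bounce, while the internal sender keeps all three. The bounce deliberately carries only the Message-ID and Subject of the failed message, enough for the sender to identify it without giving a spammer a relay for their content.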

Taken together, these best practices keep automatic replies from reaching outsiders, where, as we discussed earlier, they can be a source of information leakage for organizations. In addition, user education – particularly for out of office notifications – also helps.
