Keith Moore <moore(_at_)cs(_dot_)utk(_dot_)edu> writes:
- mention a few different kinds of automatic responses -
- assignment of a tracking number or a similar identifier
III. Format of automatic responses
- envelope return address (avoid loops!)
- headers (to, from, subject, auto-submitted)
- content (should probably limit size, content to limit
  DoS attack potential - e.g. should not allow sender to
  use the responder as a relay for viruses)
- proper MIME encapsulation (?)
VI. security considerations
- DoS attack through mail loops
- DoS attack through large #s of requests
- DoS attack by using responder to flood large #s of mailboxes
- attack by using responder to relay harmful/abusive content
- requests by unauthorized parties
- privacy risks of out-of-office notifications (coworker names
  make social engineering easier)
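
The following is an added example, not part of the quoted outline or of any draft it describes: a responder-side check in Python covering the loop, flood and relay items above. The function name, the size and interval limits, and the choice of a null envelope return address for the response are assumptions made for illustration.

```python
import time
from email import message_from_string
from email.message import EmailMessage

MAX_REPLY_CHARS = 2000           # assumed cap on the size of a response
MIN_INTERVAL = 7 * 24 * 3600     # assumed: one response per sender per week
REPLY_ENVELOPE_FROM = "<>"       # assumed: null return address, so a bounce
                                 # of the response cannot trigger another one
_last_sent = {}                  # sender address -> time of last response


def build_auto_reply(raw, envelope_from, me, text, now=None):
    """Return the response to send, or None when nothing should be sent."""
    now = time.time() if now is None else now
    msg = message_from_string(raw)

    # Loop avoidance: never answer a null envelope sender (bounces).
    if envelope_from.strip() in ("", "<>"):
        return None

    # Loop avoidance: never answer mail that is itself automatic.
    # Parameters after ';' are ignored; only the keyword matters.
    keyword = msg.get("Auto-Submitted", "no").split(";")[0].strip().lower()
    if keyword != "no":
        return None

    # Flood limit: at most one response per sender per interval, so the
    # responder cannot be driven to fill a mailbox with repeated replies.
    key = envelope_from.strip().lower()
    if now - _last_sent.get(key, float("-inf")) < MIN_INTERVAL:
        return None
    _last_sent[key] = now

    reply = EmailMessage()
    reply["From"] = me
    reply["To"] = envelope_from          # respond to the envelope sender only
    reply["Subject"] = "Automatic response"
    reply["Auto-Submitted"] = "auto-replied"
    # Relay limit: fixed, size-capped text. Nothing from the request's
    # subject, body or attachments is copied into the response.
    reply.set_content(text[:MAX_REPLY_CHARS])
    return reply
```

The caller would hand the returned message to its mail transport with REPLY_ENVELOPE_FROM as the envelope sender.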