Tif (The Corporate IT Forum) today warned office workers to be careful about what information they put in auto-response messages because of a newly discovered security risk.

The forum, comprising blue-chip members representing 120 of Britain's largest organisations, discovered criminals are using the information contained in 'out of office' auto replies to determine personal details, and in some cases even addresses, of staff through cross-referencing the information contained in such emails.

"You wouldn't go on holiday with a note pinned to your door saying who you were, how long you were away for and when you were coming back so why would you put this on an email?" asked David Roberts, chief executive of tif.

Criminals are purchasing lists of 'spam' email addresses and sending out mass emails in order to obtain 'out of office' replies with details of holiday absences. Using directory enquiries they then attempt to establish as much information about that person as possible.

But to be fair this practice is extremely difficult and the chances of coming across enough information in an email to pinpoint the sender's home address are extremely limited. In fact there are no actual cases of people being burgled as a result of information left in their auto responses.

Tif suggests, however, that people are still careful and has released a set of guidelines for those sending out auto-response messages:

Keep messages as bland as possible
Be careful giving away alternative contact details
Redirect enquiries to a business colleague's contact number

Never say that you are away on holiday or away between certain dates
Never put personal contact details on the message
Never set away messages on home or personal email accounts
Never include home address details