Ambrosian Scripture

Real-world answers to real-world problems.

Updated: Look Out for Lookout in Outlook

On the recommendation of a friend, I decided to try Lookout for Outlook.  So far, I've been happy with it.  It indexes your content, providing an extremely fast and simple search utility for Outlook.  I'm not one to create subfolders for every email contact like some, but even I can see how it can (and has) helped me to locate content faster.  So I do recommend it.

However, watch out if you send a bug report using the Help -> Report a Bug... feature.  After freezing Outlook for a couple seconds, it creates a new email with three files attached: log.txt, SupportInfo.xml, and Options.xml.  These files contain sensitive information.  In particular, SupportInfo.xml contains your machine name, user name, and domain.  I just don't see how knowing this could help debug, but I can see how hackers could use it.  Sending that information over the internet is a serious security risk.  The Options.xml file, apart from containing Lookout option information, contains virtually your entire mailbox folder structure, which, while less potentially damaging than the aforementioned items, is still somewhat sensitive, in my estimation.  I can see how this might help debug, but I think that the user should be specifically asked if this is okay to send.

I will give a nod to the fact that the email's body contains instructional text, saying you can remove any attached files, but I do not think that is good enough, as most people will not think twice about clicking send anyway, and those who might probably won't really understand XML or even what the elements contain.

The moral of the story is that you need to modify those files to remove any information that you consider sensitive.  I'm contacting them to suggest they change their reporting practices.  I will update here if they do.
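One way to do that scrubbing before clicking Send, as an added example that is not part of the original post or Lookout's own code: it replaces the machine name, user name, and domain wherever they appear as values, so it needs no knowledge of the files' schema. The element names and values in the sample are constructed, and UTF-8 file encoding is an assumption.

```python
import getpass
import os
import re
import socket
import sys

def local_identity():
    """The three values the post flags: machine name, user name, domain."""
    return {
        "MACHINE": socket.gethostname(),
        "USER": getpass.getuser(),
        "DOMAIN": os.environ.get("USERDOMAIN", ""),  # set by Windows at logon
    }

def redact(text, identity):
    """Return (redacted_text, hits_per_label); matches values, not XML tags."""
    by_value = {v.lower(): k for k, v in identity.items() if len(v) >= 2}
    counts = {label: 0 for label in identity}
    if not by_value:
        return text, counts
    # One pass, longest value first, so "CORP-PC01" wins over "CORP" and
    # placeholders already written are never rescanned.
    alts = "|".join(re.escape(v) for v in sorted(by_value, key=len, reverse=True))
    pattern = re.compile(r"(?<![\w-])(?:" + alts + r")(?![\w-])", re.IGNORECASE)

    def swap(match):
        label = by_value[match.group(0).lower()]
        counts[label] += 1
        return "[" + label + " REDACTED]"

    return pattern.sub(swap, text), counts

# Constructed sample; element names are hypothetical, not Lookout's schema.
SAMPLE = """<SupportInfo>
  <Machine>CORP-PC01</Machine>
  <User>CORP\\alice</User>
  <Domain>corp</Domain>
  <Path>C:\\Documents and Settings\\alice\\example.log</Path>
</SupportInfo>"""
SAMPLE_IDENTITY = {"MACHINE": "CORP-PC01", "USER": "alice", "DOMAIN": "CORP"}

if __name__ == "__main__":
    # Usage: python redact_report.py log.txt SupportInfo.xml Options.xml
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8", errors="replace") as fh:
            cleaned, hits = redact(fh.read(), local_identity())
        with open(path + ".redacted", "w", encoding="utf-8") as fh:
            fh.write(cleaned)
        print(path, hits)
```

Mailbox folder names in Options.xml are not covered by this; those still need a manual read before sending.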

Update - 03/08/2004

Lookout support was very quick in responding to my bug report and very gracious for the time I took to write it up.  They claimed to know where the problem is and hoped to fix it quickly.  They have also assured me that their intent in using email to report bugs is to promote openness and build trust, encouraging users to audit the information being sent.  Finally, they have updated the reporter to not send machine name, username, and domain, which will be in the next release.

Overall, I'm very pleased with the product and the support.  I've been using it since I originally posted.  I'll find myself surfing through folders (old style) and then remember that I can just do a quick search, and every time it works like a charm, very fast and accurate.  I highly recommend this product.
