Normally we assume the customer knows what they are doing. However 99% of the time this is not the case :-).
The auto responder system should enforce the following:
when adding
[email protected] as the autoresponder address, do NOT allow the customer to set
[email protected] to be the CC address for...