We use Exchange 2000 Server native mode and Active Directory (AD) native mode. To create a vCard to attach to my default Outlook signature, I created a record for myself in my Outlook Contacts folder, typing in my name, business phone number, and corporate SMTP address. When I saved the contact, the SMTP address changed to show my display name, underlined. I then created the signature and added my Contacts record as a vCard. The problem is that when you look at the vCard that Outlook appends to a new message, it contains more than just the name, business phone, and business email address that I added to the contact. It also contains my home address and home phone number, which are stored in AD. How can I stop that personal contact information from leaking out in the signature vCard?

This breach-of-privacy problem has been around since Outlook 2000. What happens is that when you add your business email address to the Contacts record, Outlook resolves the address to your Global Address List (GAL) entry in AD. You can see this resolution for yourself if you double-click the underlined address.

This association isn't necessarily a problem. The problem is that Outlook uses that GAL entry to create your signature vCard, even if you choose your entry in the Contacts folder. If your GAL entry contains your home address, for example, the vCard will also contain that information—as you discovered.

Fortunately, there's a workaround. Select your record in the Contacts folder, and use Outlook's File, Save As command to replace the copy of your personal vCard that's stored in the C:\documents and settings\%username%\application data\microsoft\signatures folder with your record from the Contacts folder. When you save a vCard manually, it contains only the information in the Contacts record, even if that contact has an email address that's in the GAL. Another strategy would be to edit the vCard in the Signatures folder with Notepad to remove the private information.