What Happens To Bounced @Donotreply.com E-Mails

An anonymous reader writes "The Washington Post's Security Fix blog today features a funny but scary interview with a guy in Seattle who owns the domain name donotreply.com. Apparently, everyone from major US banks to the Transportation Security Administration to contractors in Iraq use some variation on the address in the "From:" field of all e-mails sent out, with the result that bounced e-mails go to the owner of donotreply.com.'With the exception of extreme cases like those mentioned above, Faliszek says he long ago stopped trying to alert companies about the e-mails he was receiving. It's just not worth it: Faliszek said he is constantly threatened with lawsuits from companies who for one reason or another have a difficult time grasping why he is in possession of their internal documents and e-mails.'"

forgery?

[gEvil (beta)]

There's gotta be some ridiculously arcane law on the books somewhere whereby the practice of using a false "from" header would be considered forgery.

Re:WTF

[iamhigh]

Well, if you are signing up for a network management seminar, or something of the like, then you might also be the person that gets abuse@yourcompany.com, admin@yourcompany.com, it@yourcompany.com and a host of other generic email addresses. So perhaps you don't want them to even have your domain name?

Sort of like copying to file...

[ShaunC]

For a long time, I had the screen name "File" on AOL. I'm not sure where the practice originates (perhaps Lotus), but many, many AOL users would compose an email and cc it to "File" thinking they were saving a copy for themselves. I wound up with all sorts of interesting stuff over the years.

Re:Stupid on both sides

[EdIII]

I don't think he will give it up. He says he, "receives millions of wayward e-mails each week".

I operate an email servicing company. The costs of the bandwidth alone for millions of emails each week is NOT cheap. The server may not have to be that expensive, as it is only about 2 to 10 emails per second (approx. 2 per million), which is not that outrageous. Disk space is cheap these days and he can delete a lot of stuff coming in pretty fast.

However, that bandwidth is costing him money. A fair amount of it too. Hard to say, since he is in Seattle. I would think a couple hundred bucks a month all day long if not more.

So if he is spending that kind of money to keep it, it must be making him money. That's just my opinion....

How about nospam.com?

[billsf]

Actually that one is taken and its DNS is: {ns1/ns2.anything.com}. I fully agree these are overly generic (both of the past domains qualify) and should be 'reserved' for nobody, and that isn't {nobody.com}... It all depends on who runs the TLD. Some are more permissive than others. Playing 'by the book', '.com' probably allows some very tacky names -- Its a 'generic domain'. A geographic TLD would take quite some care to avoid misuse. Clearly, names of government agencies are to be avoided, but does '.com'? I don't think any individual would ever get, {fbi.us} or, heaven forbid, {irs.us} or here, {avid.nl} or anything with 'belasting' in it, unless you really are the 'tax people'.

At first I thought all this (domain hacks) was quite funny. However, it is unfortunate so many see the net as one big crime spree.

Re:I did this once.

[kju]

I had a similar experience. A mobile phone operator (now defunct) allowed its customers to get mailadresses under their domain. So i got postmaster@domain which was accepted happily by the system. I deleted the alias a few days later though, because the amount of mail really got out of hand. I heard from another sysadmin who using the forged name "Andreas Buse" registered the mailadress abuse@... with his provider. :-)

Re:Business plan

[Em Adespoton]

I wonder how much mail nospam.com gets.... it appears to be held by a portal pumper/domain squatter.

Re:you can own the headline domain

[Teflon_Jeff]

Kicks and giggles. I thought it would be funny to have an @donotreply.com e-mail address. had I known about all the crap that would filter through, I probably would have sold it.

The guy has a gold mine, this is illegal...

[msauve]

think about it - the CAN SPAM act makes it a felony for commercial enterprises to "materially falsifi[y] header information," which is EXACTLY what the bozos who cause this problem are doing.

If I owned the domain, I'd be contacting every commercial enterprise who's email got bounced to me, and letting them know that for a nominal fee, they could avoid my getting the feds to take notice of their illegal activities.

Foo@bar.com has been my secretary

[OMNIpotusCOM]

for years and he never complains. I liked the Wikileaks idea though.

Re:Uh, no...

[Anonymous Coward]

They sent them to some misspelled or otherwise bad address at some _other_ domain, which bounced them to donotreply.com.

They used 'something@donotreply.com' as their email address, even though they didn't own 'donotreply.com'.

Then, they sent email to a bad address at another domain, who then bounced the message too 'something@donotreply.com'.

That's also pretty stupid.

Re:I have a suggestion:

[rickb928]

My family used to have a number just 3 off from a very popular pharmacy in town. We got wrong numbers on a regular basis, but shrugged it off.

One night, very late, someone called and was quite upset that not only weren't we the pharmacy, but that we couldn't transfer their call to the pharmacist. This in the days when yoh could choose pluse or tone dial phones. My mom lost her cool and gave the caller quite a talking to.

The pharmacy owner called the next day and began to chew me out (I was home sick, sheesh) for being so rude to callers that had made such an innocent mistake. I shared with him what my mom said the caller said. And I let him know that I'd have my mom call him as soon as she got in.

We know the pharmacist's home numnber. He's on the City Council. Needless to say, my mom didn't call him until a little later in the evening. And he was both rude and upset. Especially when he realizes that he actually knows my mom from business dealings (ok,ok, she represented several manufacturing firms). We (I was her partner in crome a lot) attend the next Council meeting. He spies us.

Never heard from him again. We had that number for 12 years. He got over it. People still called all hours of the day and night. We usually just hung up after that.

Ah, the good old days of rotary dial.

node.com had similar problems.

[Ungrounded Lightning]

Node.com had a number of similar problems.

It first existed before canned sendmail configurations from vendors were common, when mail bounced from site to site much like Internet packets from router to router (rather than straight over the net to the target's Mail Transfer Agent), and most sites hacked up their own MTA configurations. A significant number of system administrators (especially at big companies and universities) got the bright idea that their users were likely to follow the manual too closely and send mail to "user@node.com". So they'd hotwire their MTA config such that mail to "@node.com" would bounce the mail with a friendly note to the user.

Of course that massively disrupted mail to node.com. So the sysadmin, from time to time, had to hunt down another "helpful" site's mail admin and educate him.

He also set up a "user"(@node.com) account and used the "vacation" program to send the "helpful letter", thus providing the service for the entire net. Vacation saves the incoming mail, too. It turns out the "problem" was essentially non-existent. "user@node.com" only got one or two mails per month - at least until some idiots used "user" and "node.com" as the default fields in their mailing list signup pages... And then the spammers got hold of it...

Re:*Cough*

[scooter.higher]

Has anyone noticed his last posting to his RSS feed, published Mar 3, 2008 6:29 AM:

Funny thing happened on the way to an update this week...
from Do Not Reply by Chet

I have been without access to my email account since posting scary week.

Donotreply.com email is now run through google apps. I was about to praise them for providing a great service that had zero down time and was actually able to handle the high volume of email this site generates (think hundreds of thousands to a million a day just to this account). But guess I can't at the moment.

The week after scary week, I started getting this error when trying to access my account - "Sorry... account maintenance underway". It suggested I email support if it lasted more than 24 hours. It did, so I did. Their response

        Hello,

        Your Gmail account is currently under maintenance, and our engineers are
        working to allow access to your account as quickly as possible.

        We apologize for any inconvenience this may cause, and we thank you for
        your patience during our limited test of Gmail.

        Sincerely,

        The Google Team

That was 2 days ago (i waited a week after getting the first error). The account remains inaccessible. Wonder who on the list is mad?

On a happier note, another animal shelter received a check for $200 this week. Thanks.

Chet
ps. If you need to contact me to threaten me, get my mailing address so you can send me a scary threatening email, or even so you can show up in person, or just my phone number so we can shoot the breeze as you try and threaten me in a friendly manner, email me at chet at poe-news dot com

I bet he's at the Guantanamo Bay Resort and Re-education facility now...