What Happens To Bounced @Donotreply.com E-Mails

An anonymous reader writes "The Washington Post's Security Fix blog today features a funny but scary interview with a guy in Seattle who owns the domain name donotreply.com. Apparently, everyone from major US banks to the Transportation Security Administration to contractors in Iraq use some variation on the address in the "From:" field of all e-mails sent out, with the result that bounced e-mails go to the owner of donotreply.com.'With the exception of extreme cases like those mentioned above, Faliszek says he long ago stopped trying to alert companies about the e-mails he was receiving. It's just not worth it: Faliszek said he is constantly threatened with lawsuits from companies who for one reason or another have a difficult time grasping why he is in possession of their internal documents and e-mails.'"

*Cough*

[geekoid]

wikileaks might be a good place to expose those documents. Hey, They sent them to YOU. It's will only take a few and this will be curbed.

Re:

[scooter.higher]

Has anyone noticed his last posting to his RSS feed, published Mar 3, 2008 6:29 AM:

Funny thing happened on the way to an update this week...
from Do Not Reply by Chet

I have been without access to my email account since posting scary week.

Donotreply.com email is now run through google apps. I was about to praise them for providing a great service that had zero down time and was actually able to handle the high volume of email this site generates (think hundreds of thousands to a million a day just to this acc

Re:

[plover]

"Bounced" is the term used by the slashdot submitter in the headline. However, most of these emails were actual humans clicking "reply". They were not originally bounced.

Some of them are sad and pitiful, and read a lot like, "Please accept these plans to repay my credit so I can buy my children food this week! I am waiting anxiously to hear from you and your Reply Here link wasn't working so I sent this email instead."

Re:*Cough*

[slawo]

In return he could sue the hell out of them for falsifying their e-mail headers and addresses and for using his domain name without his permission.
In addition I'm pretty sure someone could probably find a way to use US copyright laws and make them pay money for using his domain name (Intellectual Property) without his permission.

WTF

[Poromenos1]

What idiot decided this was good policy anyway? What happened to donotreply@companydomain.com?

Re:WTF

[iamhigh]

Well, if you are signing up for a network management seminar, or something of the like, then you might also be the person that gets abuse@yourcompany.com, admin@yourcompany.com, it@yourcompany.com and a host of other generic email addresses. So perhaps you don't want them to even have your domain name?

Re:WTF

[Anonymous Coward]

May I suggest reading RFC 2606, Reserved Top Level DNS Names. There is example.com for a reason.

http://tools.ietf.org/html/rfc2606 [ietf.org]

Re:WTF

[HTH NE1]

I've always been partial to disabled@bedridden.invalid.

I've also wondered if routing your mail using user%example.org@example.com notation still worked. Could one give out an address like user%example.com@spamfilter.example to run it through a spam filtering service and reject any mail that didn't come via spamfilter.example (if spamfilter.example allowed such relaying syntax)?

Sorry, first disclosure, I can't even patent it now.

Re:WTF

[Jesus_666]

Not quite. [wikipedia.org] .invalid is an official TLD.

Re:

[techno-vampire]

So, just have the reply address be foo@donotreply.company.com and have your incoming mailswerver send all mail addressed to that subdomain to /dev/null.

Re:

[vux984]

So, just have the reply address be foo@donotreply.company.com and have your incoming mailswerver send all mail addressed to that subdomain to /dev/null.

I was thinking that originally, but now I wonder if I could instead have an MX setup for donotreply.company.com that sends the mail to 127.0.0.1

Would there be any pitfalls to that? Worst case it would try to deliver the mail to localhost, which assuming the guy was actually running an smtp server, it would probably just reject it as an invalid recipient, ref

Re:

[Robert The Coward]

You would likely get branded a spammer and end up on a few black list.

Thanks
Robert

Re:WTF

[Myopic]

Even better yet, accept email replies and provide conscientious service to your customers.

Why even have a donotreply@company.com? How about customerservice@company.com? I guess that would make it too easy to get customer service.

Re:WTF

[elronxenu]

And that's just fundamentally wrong. You can automatically filter out bounce messages and spam. When a message gets through the first level of checking, it can be tied to a customer, so the support person can know all that there is to be known about the customer at the time of reading the email.

If you're sending communication as email, you should expect communication as email back.

Re:WTF

[LMacG]

Having worked at Capital One, I can assure you that there is absolutely no shortage of idiots running around.

Re:WTF

[Joe the Lesser]

and, if the commercials are true, vikings!

Re:WTF

[Damocles the Elder]

What's in your inbox?

Re:WTF

[gEvil (beta)]

I already get enough crap email as it is!

- Dylan O'Notreply

Re:WTF

[OglinTatas]

Well, the CEO Don o'Treply was getting tired of getting everyone's bounced emails, THAT's what happened.

Re:WTF

[rkanodia]

Because then, when people reply anyway, you get junk mail at your own servers. Using donotreply.com directs the problem to other people.

Re:WTF

[sjames]

Surely they should use example.com (Documented in RFCs to never be a real domain). It has no MX and points to a simple web page that just says it's an example for documentation and gives a link to the relevant RFC.

example.com or invalid or donotreply.mydomain.com

[billstewart]

Handing bogus traffic to other people is rude at best, even if it hadn't occurred to you that somebody would register donotreply.com. And any traffic they're getting is either bogus traffic (because people didn't read the message that said to click the web link, not to reply) or autoreplies from robots.

Handing mail to example.com is more or less fine - originally there wasn't anything there, though the fine people at ICANN decided to put an explanatory web page there; AFAICT, telnet example.com 25 times out. And "invalid"'s even better, since it NXDOMAINs, and you can use addresses like donotreply@really.donotreply.invalid.

But you can also manage it yourself - use a subdomain like donotreply.mydomain.com, with some appropriate treatment like NXDOMAIN or a stub email server that replies "554 we told you donotreply, please use the URL in our email" or points to 127.0.0.86 or whatever. That way it's obvious who;s managing it.

Of course, if you're using donotreply.com because you're a spammer, none of these explanations matter to you, because you're a rude nyeculturny thug who doesn't mind bothering people. And some fraction of the people who reply to those will be including their credit card numbers, mother's maiden name, and postal address, so that they can collect the Microsoft Lottery or order their Nigerian Herbal Fake Viagra, and well, more power to the folks at donotreply.com for offering to educate those poor suckers :-)

Re:WTF

[TheRaven64]

Exactly. What do they think whitehouse.gov is for?

Re:

[Xeth]

At least then you can guarantee the bounced emails won't be taking up disk space?

Re:

[moderatorrater]

Whatever happened to letting people reply and then putting them into a customer service queue? Instead of making them click a link to reply, let them reply with email. I know this is a hard concept to grasp for some companies, but using technology to benefit the customer is better than making them jump through (usually worthless) hoops.

Re:WTF

[EdIII]

That is what you are supposed to do of course. If you are operating a mail server you are NEVER supposed to put information for domains you don't control into the headers. That is what spammers do.

Now that I have thought about it a bit more, this is about the money. If they put donotreply@companydomain.com, then the inevitable replies would eat up their bandwidth and processing power on their incoming mail servers.

By forging that information, which is not good policy, they are intentionally redirecting that reply to somewhere else. They may have thought that the sending mail server would simply give a permanent delivery failure notice to the sender, but in this case that forged information leads to an active mail server which accepts all of those emails.

Who is the bigger "butthead" here? The companies intentionally forging their emails or the guy who owns this domain and is exploiting this companies (after they have already harassed him) to save a couple of animals?

Re:WTF

[vux984]

Never attribute to malice, or even conscious though, what can be attributed to incompetence.

Anyone bright enough to -think- having the messages bounce to another domain would save them money should be able to think that maybe just maybe if they have the messages bounce to another domain that this other domain might actually exist, accept that bounced mail, and even read it.

If they really wanted to save money, and not take that risk they could blacklist an address at their mail gates front door. That would eliminate most, but not all the cost of handling the return mail.

And it would be a simple matter to simply have it go to "donotreplay@donotreplay.company.com" which wouldn't have an MX record configured, and would thus never get anywhere. And being a subdomain of your own, it wouldn't be incidently delivered to someone else either.

Re:

[EdIII]

Never attribute to incompetence what can be just as easily attributed to malice.

That statement works both ways :)

Nevertheless, your bring up a valid point. However, I have seen some rather malicious behavior coming from the Pointy Haired Ones that looks like incompetence at first glance. That's just their way.

As for the MX record, you are completely correct. The more elegant solution to be sure. The sending mail server will not even be able to resolve it, and no bandwidth is used at all.

Re:

[Jack9]

Never attribute to incompetence what can be just as easily attributed to malice.
 
That statement works both ways :)

It does not. One is a general rule that holds true in the majority of situations, the reverse does not, which is why the original is recognized at all. It works in this specific case, or you would not even bring it up.

//pedantic

Re:

[ceoyoyo]

I have doubts that the amount of dumb customer reply e-mails would be that big a deal compared to the amount of spam their servers have to deal with anyway. And the dumb customer ones are conveniently all sent to the same address so they're easy to identify and discard, instead of requiring fancy filtering algorithms.

There are two reasons for everything corporations do. I suspect the first, greed, isn't the one here. It's the second: stupidity.

Re:WTF

[AnotherBlackHat]

If the idea is to pick an email address that isn't in use, I recommend one ending with ".invalid" as in "address@is.invalid" or "noreply@domain.invalid"

Re:

[assassinator42]

Most do. I just searched through my emails and found none that had a "donotreply.com"ish domain. Most were either something like donotreply@example.com or something@noreply.example.com.

Re:

[Jonner]

While I can't find an MX record for example.com, there is an A record for it and a web page in accordance with http://www.rfc-editor.org/rfc/rfc2606.txt [rfc-editor.org], so it's a poor choice for an email address that shouldn't go anywhere.

Re:

[Anonymous Coward]

That doesn't work if your mail server is on an IP address without an assigned domain name. Many mail exchanges will not accept messages originating from mail servers without a domain name, so naming donotreply.com or something similar as the message origin is the only way to get these messages to some people.

Re:

[lintux]

An idiot who doesn't know the difference between a username and a domain name but managed to get into an IT department anyway, probably.

Re:

[Your Pal Dave]

More details at snopes: http://www.snopes.com/autos/law/noplate.asp [snopes.com]

Business plan

[Boa Constrictor]

It's not like he didn't see it coming -- "Unauthorized use of this domain gives me full rights to post any emails involved using the unauthorized address. Don't like it? Don't use it." The website is a blog based on the email he receives at the domain. Exploitative it may be, but I thought most folks with sense used "noreply@ourcompany.com" or variations thereof.

Re:

[Em Adespoton]

I wonder how much mail nospam.com gets.... it appears to be held by a portal pumper/domain squatter.

forgery?

[gEvil (beta)]

There's gotta be some ridiculously arcane law on the books somewhere whereby the practice of using a false "from" header would be considered forgery.

Re:forgery?

[GregGardner]

Whether it is arcane or not is debatable, but the CAN-SPAM Act of 2003 specifically prohibits using a false "From" header.

http://www.ftc.gov/bcp/conline/pubs/buspubs/canspam.shtm [ftc.gov]

"It bans false or misleading header information. Your email's "From," "To," and routing information - including the originating domain name and email address - must be accurate and identify the person who initiated the email."

Re:

[repvik]

Does it matter? The "From: " header does not need to be forged. The "Reply-To: " header OTOH...

Is he going to sell his domain now?

[CriminalNerd]

I'm sure a whole lot of people are suddenly interested in owning this domain (and/or similar variations) given this new tidbit.

I wonder how long it's going to take for domain squatters or other people to attempt to approach this guy with an offer, and I wonder if he'll accept said offer. This might not bode well for the populace in general if companies don't wake up to their idiotic IT policies.

Stupid on both sides

[EdIII]

Faliszek says he long ago stopped trying to alert companies about the e-mails he was receiving. It's just not worth it: Faliszek said he is constantly threatened with lawsuits from companies who for one reason or another have a difficult time grasping why he is in possession of their internal documents and e-mails.'"

Sounds like he is the one being hurt here. Of course somebody has to own that domain (I guess) and he decided too. Terrible domain name, but still not his fault.

Which brings me to:

Apparently, everyone from major US banks to the Transportation Security Administration to contractors in Iraq use some variation on the address in the "From:" field of all e-mails sent out, with the result that bounced e-mails go to the owner of donotreply.com.

All of these organizations and companies are just being cute by forging their FROM headers. Technically that should not be allowed, but you can do it anyways. They don't want to deal with it and they create "one-way" traffic by inserting bogus information into that header.

The problem is that bogus information is an actual domain that is active and running a mail server. They are treating it like is a reserved word.

The lawsuits are funny, since the header information will show conclusively that those people intentionally redirected the traffic to this guy. If anything, he can counter-sue.

The only thing I can think of is that donotreply.com becomes a reserved word, which is probably easier than getting all those mail administrators to change their behavior, or to get smarter.

In any case, the domain owner is without fault on this one. Unless you count being stupid as a fault, which picking that domain is a little unwise.

Re:

[MMC Monster]

Unless you count being stupid as a fault, which picking that domain is a little unwise.

Well, he could always give it up. I think it's a pretty cool domain name, but would not bother with it, given the amount of extraneous traffic associated with it.

Re:Stupid on both sides

[EdIII]

I don't think he will give it up. He says he, "receives millions of wayward e-mails each week".

I operate an email servicing company. The costs of the bandwidth alone for millions of emails each week is NOT cheap. The server may not have to be that expensive, as it is only about 2 to 10 emails per second (approx. 2 per million), which is not that outrageous. Disk space is cheap these days and he can delete a lot of stuff coming in pretty fast.

However, that bandwidth is costing him money. A fair amount of it too. Hard to say, since he is in Seattle. I would think a couple hundred bucks a month all day long if not more.

So if he is spending that kind of money to keep it, it must be making him money. That's just my opinion....

This happened with PO boxes as well...

[mikael]

This used to happen to people who owned PO Boxes in foreign countries. One time, some people working on charity work kept getting junk mail for fertilizer delivered to their PO Box in Africa. Because they were so far away from the local post office, collecting mail involved a long jeep drive into town to collect the mail from the PO Box. They would be charged a small service fee every time this happened. Despite numerous requests to get the junk mail canceled, the company wouldn't give up. So they go some f

step 3

[Scrameustache]

The lawsuits are funny, since the header information will show conclusively that those people intentionally redirected the traffic to this guy. If anything, he can counter-sue.

Sounds like a business plan!

.invalid exists

[John Hasler]

> The only thing I can think of is that donotreply.com becomes a reserved word...

".invalid" is already a reserved top-level domain. Thus "donotreply.invalid"
would produce the desired behavior.

> ...which is probably easier than getting all those mail administrators to change their
> behavior, or to get smarter.

This guy seems to be dealing with it. Perhaps he could arrange for incoming emails to be automatically entered into a database searchable at www.donotreply.com. Should be easily doable by ha

Re:

[EdIII]

I had not read that far yet in the article. I know, I know a ./'er not reading the article.. for shame.

He is a "douche". But he is also a technically correct douche, the best kind douche :)

The companies are douches for forging their headers, and he is a douche for deliberately exploiting those douches. So in fact, he may be a double-douche.

Re:

[Hatta]

The companies who email him are not victims either, and still bigger douches.

Cease and Desist Letters for legally owned domains

[PhreakOfTime]

I find myself in a somewhat similar situation. I was supposed to do some work for a company who later ended up folding because of 'bad management', and I was left holding the bag on the domain I purchased at their instruction, that they never paid me for.(they didnt want to buy it, I dont know?).

Other than getting all the requests for 'why havent you paid us yet', the end result is that almost 2 years later these people are COMING AFTER ME WITH A CEASE AND DESIST LETTER and demanding that I turn over this domain and others to them for free because it 'infringes on their copyright'. Although, I honestly can say Im not suprised that Caton Commercial, the real estate company who is operating as the umbrella company for all these shell companies who eventually go under, doesnt know its ass from a whole in the ground.

Knowing full well that this sort of behavior is borderline as far as being professional, I posted the full contents of the Cease and Desist Letter sent by a Mr John Argoudelis [demystify.info] online so anyone thinking of working with this company may come across this sort of behavior and maybe think twice. Lawyers and Real Estate agents.... whew... what a combo of integrity!

The company is also involved in numerous court cases relating to other aspects of their business practices. Ive posted a short description of the Will County court cases that caton commercial is involved in [blackjackandhookers.org] at my blackjack and hookers site.

In fact, forget the blackjack!

Re:

[moderatorrater]

In fact, forget the blackjack!

I went to hookers.com, and it doesn't look like your site at all! In fact, it's...

Just a minute, my boss just walked up with a box.

Re:Cease and Desist Letters for legally owned doma

[karnal]

A Quad-core xeon?

Re:Cease and Desist Letters for legally owned doma

[sjames]

Just re-direct all email and web for that domain to a collection agency. You might even be able to contract for finder's fees.

That or put up a zone file pointing to 127.0.0.1 for the A record.

Never thought of "donotreply.com"

[Duncan Blackthorne]

I have used "no.one@nowhere.org" and "some.one@somewhere.org" as bogus email addresses before, but never thought of using "donotreply.com" for anything. In fact, I'd pay good money (and have offered several times, only to be ignored) to have an email address @somewhere.org or @nowhere.org..

Re:Never thought of "donotreply.com"

[rasman1978]

That's so unprofessional!

I always just use me@yourmomshouse.com.

Re:

[SanityInAnarchy]

There's also example.com.

Re:

[morari]

I always liked shoveitupyour@ss.net

*shrugs*

I have a suggestion:

[Lxy]

1. Company A uses companya@donotreply.com as it's return address

2. Donotreply owner sets up an autoreply for companya@donotreply.com. This auto-reply should be inappropriate, goatse is definitely an option.

3. Company A loses customers in droves, problem solved.

Re:

[EdIII]

Your that type of kid that put the flaming bag of dog doody on my front porch aren't you?

Yeah you are... I got your number :)

Re:I have a suggestion:

[zotz]

Sounds a bit like the tactic my grandfather said he used to solve a problem...

He had a phone number for years.

Out of the blue, he started getting calls in the middle of the night from security guards checking in on their rounds.

Seems a security company had started up and had a number close to his and the guards were mistakenly calling his number instead of theirs.

He asked the company to change their number. They said no and told him to change his.

The next time he got a call in the middle of the night, he told the guard that he could go home for the night.

Company calls up the next day all upset that he sent the guard home and telling him he couldn't do that.

He says he could and would keep on as long as the calls continued.

Number changed. Calls stopped.

(This is from memory, the details may not be 100% accurate, the gist of the story is as he told me.)

all the best,

drew
http://packet-in.org/wiki/index.php?title=Main_Page [packet-in.org]
Packet In - net band. Libre music available gratis. Could be for a limited time only. Then again, it could last as long as copyrights...

Re:

[rickb928]

My family used to have a number just 3 off from a very popular pharmacy in town. We got wrong numbers on a regular basis, but shrugged it off.

One night, very late, someone called and was quite upset that not only weren't we the pharmacy, but that we couldn't transfer their call to the pharmacist. This in the days when yoh could choose pluse or tone dial phones. My mom lost her cool and gave the caller quite a talking to.

The pharmacy owner called the next day and began to chew me out (I was home sick, she

Re:I have a suggestion:

[schon]

A few years ago, I started getting phone calls from people asking for "Leanne". Turns out "Leanne" had recently moved, and was giving out my number (mistakenly) to her friends. The calls started coming at all hours of the day and night.

I started telling the callers to tell "Leanne" that she was giving out the wrong number, and to let her friends know about it, but the calls kept coming.

One day at about 4AM, I got woken up with asking if "Leanne" was home. I had an epiphany, and told them "no, she died today." The caller was dumbstruck. I told him that she got hit by a bus on the way home. The caller asked the obligatory "is there anything I can do?" and I said "Yes - can you call all of her friends and let them know the funeral is on Tuesday?"

That was the last call for "Leanne" I ever got.

RFC 2606

[mmontour]

RFC 2606 [rfc-editor.org] (dated June 1999) solves this problem by defining reserved domains such as "example.com" (for use in documentation) and:

            ".invalid" is intended for use in online construction of domain
            names that are sure to be invalid and which it is obvious at a
            glance are invalid.

A possible use for example.com

[stevel]

ICANN reserved example.com, example.org and example.net for use in documentation and other places where you want to put an "example" domain name, but I find that most people are not aware of this. Email sent to these domains is discarded.

For reply addresses, a more reasonable protocol would be to use the sender's actual domain but with an invalid username, as Poromenos1 suggests. A further problem of using a domain not your own as a sender address is that the recipient's email server may block it due to SPF records or other checks on sender domains.

I remember once getting an incensed missive from the owner of asdfg.com who complained about emails we were sending him regarding updates of our product. Turned out that a user had entered that domain when he registered the product in an attempt to not get our emails.

Re:

[Niten]

Good point, but just to nitpick:

A further problem of using a domain not your own as a sender address is that the recipient's email server may block it due to SPF records or other checks on sender domains.

SPF policies apply only to the envelope sender address, not the message's From: header.

Re:

[noidentity]

I remember once getting an incensed missive from the owner of asdfg.com who complained about emails we were sending him regarding updates of our product. Turned out that a user had entered that domain when he registered the product in an attempt to not get our emails.

I usually just do admin@domain, where domain is the domain of the stupid website I'm trying to access which pointlessly requires me to register first. The solution is to not require registration, rather than trying to block all the bullshit a

My domain

[Cytlid]

Because I have the existential geek name, as it appears in so many tech books, I registered Fredtest.com. You would be surprised how many other IT Fred's out there send mail to Fred@fredtest.com.

I got bored with replying (some guy in SanDiego is a real estate agent for ReMax, I don't think he ever got it), so I just limited what my mail server will accept.

  Now it just bounces back to the sender and hopefully they think "oops, perhaps I shouldn't do that", which is what I believe this guy should do. Discourage the bad behavior, don't exploit it.

Sort of like copying to file...

[ShaunC]

For a long time, I had the screen name "File" on AOL. I'm not sure where the practice originates (perhaps Lotus), but many, many AOL users would compose an email and cc it to "File" thinking they were saving a copy for themselves. I wound up with all sorts of interesting stuff over the years.

I did this once.

[ScottForbes]

Many years ago I (briefly) owned the e-mail address uucp@aol.com, which received all sorts of interesting messages from platforms that blindly assumed everyone else was running Unix too. After suspending the address and asking AOL to put it on their reserved list (which they did), I wrote it up for the RISKS Digest. [ncl.ac.uk]

Re:I did this once.

[kju]

I had a similar experience. A mobile phone operator (now defunct) allowed its customers to get mailadresses under their domain. So i got postmaster@domain which was accepted happily by the system. I deleted the alias a few days later though, because the amount of mail really got out of hand. I heard from another sysadmin who using the forged name "Andreas Buse" registered the mailadress abuse@... with his provider. :-)

Sell captured emails

[OrangeTide]

He should provide a search feature for all the email, archive it. and then sell full content any email on the site for $1. There might be interesting stuff he's catching, especially if legal departments of various companies are going after him.
(no I didn't RTFA)

Reminds me of my younger days

[eln]

I remember during my very first paying job as a sysadmin (1997-ish), I was tasked to set up a new mail server. For some reason, I decided as part of my testing to send email to an "invalid" remote address that I came up with off the top of my head (bob@bob.com I think it was, or maybe foo@foo.com or something like that). So, I wrote a script that just sent thousands of emails out at once to this address. Within maybe 20 minutes, I get an angry phone call from the domain owner telling me to stop spamming him.

I learned my lesson, though. Now I never put my real phone number in the whois record for my domains.

Re:

[DirePickle]

Poor bob@bob.com! That used to be my default email to use when registering at potentially-spammy sites!

Re:

[Monkeyman334]

I had a friend that worked for a major online phone book. Among the features was a reverse lookup. As a joke, they found a guy named "I. P. Freely" and put his phone number in the example block. So, if someone was feeling adventurous or curious they'd look it up and get a good laugh. Well, one day they got a phone call, it was I. P. Freely, and he politely asked that his name be taken off the example.

I didn't learn any lessons. It just made me wonder why on earth someone named I. P. Freely would use his ini

donotreply.com

[hansamurai]

This is a fun site to read, but it doesn't appear he has updated it in over a month! Hopefully not all of these companies have caught on by now...

"I'll do a quick summery..."

[CFrankBernard]

Excellant!

Been there, done that

[HardCase]

I used to have me@myself.com from mail.com (I guess they've morphed into something else). I thought that it would be cute. It was an utter waste of my bandwidth.

I used to host nospin.com. You wouldn't believe all of the bizarre crap that came in for Bill O'Reilly. I used to forward them on, but the sheer volume and, well, stupidity made me trash them instead.

Damn! I wish I had this domain!

[kimvette]

I wish I had this domain! Getting insider info on all these companies - - one could make a fortune on the stock market!

Heh - Been there, done that

[filesiteguy]

Reminds me of when I was the email admin at Hershey Business Systems - a Los Angeles based integrator - in the '90s. Because the domain - hbsi.com - was taken, the owners took hershey.com back in 1994.

My favorites:

Sent: Sunday, July 04, 1999 8:12 AM
To: kai@hershey.com
Subject: From: Kim!!
Hi! grandma I am so thankful that you came all the
way from Florida to see me and by the way..... thanx
for the choc cookie!! and next time you come over
could you bring the extra pleasure condoms. I need
them for me and Ryan.
love you Grandma!!
Kim

Sent: Monday, July 05, 1999 12:09 PM
To: Kim
From: Kai
Subject: From: Kim!!

Kim:

We are not your grandmother.

Kai Ponte
Hershey Business Systems

Then there was this one from an AOL member (figures):

From: TrtleGrl69@aol.com
Sent: Wednesday, August 11, 1999 2:19 PM
Subject: no response to our email dealing with
            dead bugs in my payday
I am extremely disappointed at the fact you have not
responded to this incident. I'm upset that I purchased a
payday and began eating it and ended up seeing a worm like
bug with bug carcasses and holes in and on the candy
bar.
I ... will continue to write you until I get a response.
Talk about extremely bad customer service.
Chad Weaver

I liked my response:

From: Ponte, Kai <kai@hershey.com>
Sent: Monday, August 30, 1999 7:20 AM
To: TrtleGrl69@aol.com
Subject: RE: no response to our email
                          dealing with dead bugs in my payday

The worm like creature you found - was it alive?

Did it taste good?

Kai Ponte
Information Technology Specialist
Hershey Business Systems

They should be using...

[msauve]

donotreply.invalid or example.com. These are reserved for just this sort of thing by RFC 2606 [rfc-editor.org].

In a similar manner, people wanting fake IP addresses to use for documentation, training, etc., should use addresses in the 192.0.2.0/24 range, which is reserved by RFC 3330 [rfc-editor.org].

I use ....

[rahvin112]

I use bob@aol.com for situations similar to this or where it's just a spam harvesting operation. I sometimes feel bad for Bob, then I remember Bob uses aol and I don't feel so bad for Bob.

How about nospam.com?

[billsf]

Actually that one is taken and its DNS is: {ns1/ns2.anything.com}. I fully agree these are overly generic (both of the past domains qualify) and should be 'reserved' for nobody, and that isn't {nobody.com}... It all depends on who runs the TLD. Some are more permissive than others. Playing 'by the book', '.com' probably allows some very tacky names -- Its a 'generic domain'. A geographic TLD would take quite some care to avoid misuse. Clearly, names of government agencies are to be avoided, but does '.com'? I don't think any individual would ever get, {fbi.us} or, heaven forbid, {irs.us} or here, {avid.nl} or anything with 'belasting' in it, unless you really are the 'tax people'.

At first I thought all this (domain hacks) was quite funny. However, it is unfortunate so many see the net as one big crime spree.

He's not just some guy in Seattle...

[Mr2001]

The guy who runs donotreply.com is Chet Faliszek, one half of the "Chet and Erik" who ran the gaming humor site Old Man Murray [oldmanmurray.com] and then went on to write the dialogue for Portal.

Incidentally, they never did send me a prize for winning that CrateMaster contest. Bastards!

Re:He's not just some guy in Seattle...

[megaditto]

Sorry, we forgot about your prize. Contact Chet at chet@donotreply.com.

Foo@bar.com has been my secretary

[OMNIpotusCOM]

for years and he never complains. I liked the Wikileaks idea though.

who@givesafuck.com

[steppin_razor_LA]

I used to own givesafuck.com and tried using that as a "for fun" email address (i.e. easy for people to remember). I had to give it up because of the same issues. People were constantly making it up as a fake email address. I amused myself a few times by logging into the accounts people created with my email address and resetting their passwords/etc, but eventually give it up due to the spam load...

Harvest addresses, sell to spammers

[chmilar]

The guy could make a lot of money harvesting the email addresses, and then selling lists to spammers.

Anyone dumb enough to reply to "donotreply" is likely to buy products from spam emails!

He could probably filter into lists based on the mail initiator, and the contents of the original email (quoted in the reply). Plus, the harvested emails are from currently active, valid accounts. These targeted lists of high-quality chumps would be worth paying extra for.

node.com had similar problems.

[Ungrounded Lightning]

Node.com had a number of similar problems.

It first existed before canned sendmail configurations from vendors were common, when mail bounced from site to site much like Internet packets from router to router (rather than straight over the net to the target's Mail Transfer Agent), and most sites hacked up their own MTA configurations. A significant number of system administrators (especially at big companies and universities) got the bright idea that their users were likely to follow the manual too closely and send mail to "user@node.com". So they'd hotwire their MTA config such that mail to "@node.com" would bounce the mail with a friendly note to the user.

Of course that massively disrupted mail to node.com. So the sysadmin, from time to time, had to hunt down another "helpful" site's mail admin and educate him.

He also set up a "user"(@node.com) account and used the "vacation" program to send the "helpful letter", thus providing the service for the entire net. Vacation saves the incoming mail, too. It turns out the "problem" was essentially non-existent. "user@node.com" only got one or two mails per month - at least until some idiots used "user" and "node.com" as the default fields in their mailing list signup pages... And then the spammers got hold of it...

you can own the headline domain

[iamhigh]

DONTOREPLY.COM is available! Probably gets about as much crap - even slashdotters can't profread.

Re:you can own the headline domain

[BenSchuarmer]

I got your email. --Don

Re:

[Teflon_Jeff]

I know I looked into buying donotreply.com a while back, but it was taken. Makes me wonder why he bought that domain...

Re:

[solitas]

I know I looked into buying donotreply.com a while back, but it was taken. Makes me wonder why he bought that domain...

Which makes us wonder, in turn, why YOU wanted to buy it...

Re:you can own the headline domain

[Teflon_Jeff]

Kicks and giggles. I thought it would be funny to have an @donotreply.com e-mail address. had I known about all the crap that would filter through, I probably would have sold it.

The guy has a gold mine, this is illegal...

[msauve]

think about it - the CAN SPAM act makes it a felony for commercial enterprises to "materially falsifi[y] header information," which is EXACTLY what the bozos who cause this problem are doing.

If I owned the domain, I'd be contacting every commercial enterprise who's email got bounced to me, and letting them know that for a nominal fee, they could avoid my getting the feds to take notice of their illegal activities.

Maybe...

[msauve]

but that's not a forgone conclusion.

"Under the common law and many statutes, an intent to take money or property to which one is not lawfully entitled must exist at the time of the threat in order to establish extortion...A person who acts under a claim of right (an honest belief that he or she has a right to the money or property taken) may allege this factor as an Affirmative Defense to an extortion charge. What constitutes a valid claim of right defense may vary from one jurisdiction to another. For example, M, a department store manager, accuses C, a customer, of stealing certain merchandise. M threatens to have C arrested for Larceny unless C compensates M for the full value of the item. In some jurisdictions it is only necessary for M to prove that he or she had an honest belief that C took the merchandise in order for M to avoid an extortion conviction. Other jurisdictions apply a stricter test, under which M's belief must be based upon circumstances that would cause a reasonable person to believe that C took the item. Another, more stringent, test requires that C in fact owe the money to M."

If by putting fake header in an email, you're filling my email inbox, you're causing me damage, both in terms of stolen resources (you are consuming both bandwidth and storage space, both of which I pay for), and my own time in sorting through the chaff. You owe me for my costs, both in actual dollars and in time and effort. You can choose pay me a reasonable fee to cover my costs and efforts, or I'll let the government show you why you shouldn't have done it in the first place.

BTW, don't assume that law is the same as ethics. There are a lot illegal actions which are perfectly ethical, and vice versa. I choose ethics over law (which, at least in the US, has little meaning).

Re:at least the US

[tsm_sf]

No offense, but attitudes like that will kill this country. The "good enough" or "at least we're better than X" line of thought leads us into a race to 2nd from the bottom.

Re:at least the US

[thegnu]

My attitude that the laws here are no match for ethics, and I can only think of an imaginary country where the laws are relatively representative of ethics? I'm not sure you understood what I meant.

In this whole Rev. Wright thing, it's become very very apparent how the media neglects their responsibility to a)elevate the dialog and b)at least show a 5-minute clip before condemning a man. People expect all of their leaders to be saints, and it's ridiculous.

The only thing that Rev. Wright said that was ridiculous was that the govt created the AIDS virus to kill black people. But then, he also believes in a homonid living in the sky, so I give him a free pass on that. Beyond that, he said:

1. God doesn't bless America for killing innocent people, he damns America for killing innocent people.
2. And he said that our violence in the world begets violence at home.

Which are both teachings straight from the motherfucking Bible, everybody. People are pissed because a preacher preaches from the Bible? Come the fuck on.
[/tangent]
oh, look at that. my captcha is "tedious". :-)

Re:

[Fjandr]

He doesn't really say it's a problem. He simply gets companies to donate to animal relief causes in order to have their documents pulled from his blog.

It's each company's fault if they send him confidential information. They have no business setting up From: addresses to a domain that they do not control.

Re:

[techno-vampire]

How many times have you put in blah@blahblah.com on some stupid form?

I haven't done that, but I used to do something much worse. At one point, for my sins, I served time on the helldesk of an ISP. Every now and then I'd make a note of the email address of a foul-mouthed, abusive caller who really didn't deserve the good service i tried to give everybody. For the next several weeks I'd have fun signing them up for mailing lists, newsletters and using their name on those stupid webforms that want your e