×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

What Happens To Bounced @Donotreply.com E-Mails

ScuttleMonkey posted about 6 years ago | from the lazy-people-who-can't-configure-mail-servers-to-do-their-bidding dept.

Security 286

An anonymous reader writes "The Washington Post's Security Fix blog today features a funny but scary interview with a guy in Seattle who owns the domain name donotreply.com. Apparently, everyone from major US banks to the Transportation Security Administration to contractors in Iraq use some variation on the address in the "From:" field of all e-mails sent out, with the result that bounced e-mails go to the owner of donotreply.com.'With the exception of extreme cases like those mentioned above, Faliszek says he long ago stopped trying to alert companies about the e-mails he was receiving. It's just not worth it: Faliszek said he is constantly threatened with lawsuits from companies who for one reason or another have a difficult time grasping why he is in possession of their internal documents and e-mails.'"

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

286 comments

Spell Check? (0, Offtopic)

iamhigh (1252742) | about 6 years ago | (#22823430)

I am probably not the first to point out that don't o reply isn't the same as do not reply.

you can own the headline domain (2, Informative)

iamhigh (1252742) | about 6 years ago | (#22823476)

DONTOREPLY.COM is available! Probably gets about as much crap - even slashdotters can't profread.

Re:you can own the headline domain (3, Insightful)

Teflon_Jeff (1221290) | about 6 years ago | (#22823922)

I know I looked into buying donotreply.com a while back, but it was taken. Makes me wonder why he bought that domain...

*Cough* (5, Insightful)

geekoid (135745) | about 6 years ago | (#22823432)

wikileaks might be a good place to expose those documents. Hey, They sent them to YOU. It's will only take a few and this will be curbed.

Uh, no... (0)

msauve (701917) | about 6 years ago | (#22824134)

"they" (the originator) didn't send them to the donotreply.com domain owner. They sent them to some misspelled or otherwise bad address at some _other_ domain, which bounced them to donotreply.com.

Now, it is their own fault that this happened, but it is not correct to say that they sent them to donotreply.com.

WTF (5, Insightful)

Poromenos1 (830658) | about 6 years ago | (#22823436)

What idiot decided this was good policy anyway? What happened to donotreply@companydomain.com?

Re:WTF (4, Interesting)

iamhigh (1252742) | about 6 years ago | (#22823486)

Well, if you are signing up for a network management seminar, or something of the like, then you might also be the person that gets abuse@yourcompany.com, admin@yourcompany.com, it@yourcompany.com and a host of other generic email addresses. So perhaps you don't want them to even have your domain name?

Re:WTF (5, Informative)

Anonymous Coward | about 6 years ago | (#22823648)

May I suggest reading RFC 2606, Reserved Top Level DNS Names. There is example.com for a reason.

http://tools.ietf.org/html/rfc2606 [ietf.org]

Re:WTF (4, Funny)

HTH NE1 (675604) | about 6 years ago | (#22823840)

I've always been partial to disabled@bedridden.invalid.

I've also wondered if routing your mail using user%example.org@example.com notation still worked. Could one give out an address like user%example.com@spamfilter.example to run it through a spam filtering service and reject any mail that didn't come via spamfilter.example (if spamfilter.example allowed such relaying syntax)?

Sorry, first disclosure, I can't even patent it now.

Re:WTF (1)

techno-vampire (666512) | about 6 years ago | (#22823680)

So, just have the reply address be foo@donotreply.company.com and have your incoming mailswerver send all mail addressed to that subdomain to /dev/null.

Re:WTF (1)

X0563511 (793323) | about 6 years ago | (#22823846)

Even better, send an automated response thrashing the moron for replying to a message that states not to reply to it. Better than silently deleting, AND you feel better doing it!

Re:WTF (1)

vux984 (928602) | about 6 years ago | (#22824046)

So, just have the reply address be foo@donotreply.company.com and have your incoming mailswerver send all mail addressed to that subdomain to /dev/null.

I was thinking that originally, but now I wonder if I could instead have an MX setup for donotreply.company.com that sends the mail to 127.0.0.1

Would there be any pitfalls to that? Worst case it would try to deliver the mail to localhost, which assuming the guy was actually running an smtp server, it would probably just reject it as an invalid recipient, refuse to relay it, or deliver it to a default account. The latter is the most 'risky', but the default account is likely managed by the person you sent the mail to in the first place.

In any case, the real risk is zilch, as even if it does go somewhere 'unexpected' it wouldn't really be 'abuseable' as it would go somewhere depending on each indivually owned smtp server. I couldn't just register a domain or squat on an ip and receive it.

And besides the person who received it who runs an smtp on localhost can forward your mail anywhere he wants anyway, so if he wants to send it on, he can, and whether he just uses the forward button or sends it via some automatic handling of an smtp server on his own machine its the same difference.

The final concern is that he's been pwned and botted... and the smtp server he's running is not his... but really if that's the case you can assume whoever pwned him can read all his email anyway if he wants to, regardless.

Re:WTF (0)

Anonymous Coward | about 6 years ago | (#22823508)

Or donotreply@example.com

Re:WTF (4, Insightful)

rkanodia (211354) | about 6 years ago | (#22823542)

Because then, when people reply anyway, you get junk mail at your own servers. Using donotreply.com directs the problem to other people.

Re:WTF (4, Informative)

sjames (1099) | about 6 years ago | (#22823704)

Surely they should use example.com (Documented in RFCs to never be a real domain). It has no MX and points to a simple web page that just says it's an example for documentation and gives a link to the relevant RFC.

Re:WTF (1)

ender- (42944) | about 6 years ago | (#22823894)

Surely they should use example.com (Documented in RFCs to never be a real domain). It has no MX and points to a simple web page that just says it's an example for documentation and gives a link to the relevant RFC.

And in what fantasy world do you live, where corporate idiots have actually ever heard of an RFC, let alone read one? :)

Re:WTF (1)

Thaelon (250687) | about 6 years ago | (#22824082)

Surely they should use example.com (Documented in RFCs to never be a real domain). It has no MX and points to a simple web page that just says it's an example for documentation and gives a link to the relevant RFC.

It did until you got it slashdotted.

Re:WTF (1)

moderatorrater (1095745) | about 6 years ago | (#22823592)

Whatever happened to letting people reply and then putting them into a customer service queue? Instead of making them click a link to reply, let them reply with email. I know this is a hard concept to grasp for some companies, but using technology to benefit the customer is better than making them jump through (usually worthless) hoops.

Re:WTF (5, Insightful)

EdIII (1114411) | about 6 years ago | (#22823642)

That is what you are supposed to do of course. If you are operating a mail server you are NEVER supposed to put information for domains you don't control into the headers. That is what spammers do.

Now that I have thought about it a bit more, this is about the money. If they put donotreply@companydomain.com, then the inevitable replies would eat up their bandwidth and processing power on their incoming mail servers.

By forging that information, which is not good policy, they are intentionally redirecting that reply to somewhere else. They may have thought that the sending mail server would simply give a permanent delivery failure notice to the sender, but in this case that forged information leads to an active mail server which accepts all of those emails.

Who is the bigger "butthead" here? The companies intentionally forging their emails or the guy who owns this domain and is exploiting this companies (after they have already harassed him) to save a couple of animals?

Re:WTF (4, Insightful)

vux984 (928602) | about 6 years ago | (#22823752)

Never attribute to malice, or even conscious though, what can be attributed to incompetence.

Anyone bright enough to -think- having the messages bounce to another domain would save them money should be able to think that maybe just maybe if they have the messages bounce to another domain that this other domain might actually exist, accept that bounced mail, and even read it.

If they really wanted to save money, and not take that risk they could blacklist an address at their mail gates front door. That would eliminate most, but not all the cost of handling the return mail.

And it would be a simple matter to simply have it go to "donotreplay@donotreplay.company.com" which wouldn't have an MX record configured, and would thus never get anywhere. And being a subdomain of your own, it wouldn't be incidently delivered to someone else either.

Re:WTF (2, Informative)

EdIII (1114411) | about 6 years ago | (#22823928)

Never attribute to incompetence what can be just as easily attributed to malice.

That statement works both ways :)

Nevertheless, your bring up a valid point. However, I have seen some rather malicious behavior coming from the Pointy Haired Ones that looks like incompetence at first glance. That's just their way.

As for the MX record, you are completely correct. The more elegant solution to be sure. The sending mail server will not even be able to resolve it, and no bandwidth is used at all.

Re:WTF (1)

ceoyoyo (59147) | about 6 years ago | (#22824032)

I have doubts that the amount of dumb customer reply e-mails would be that big a deal compared to the amount of spam their servers have to deal with anyway. And the dumb customer ones are conveniently all sent to the same address so they're easy to identify and discard, instead of requiring fancy filtering algorithms.

There are two reasons for everything corporations do. I suspect the first, greed, isn't the one here. It's the second: stupidity.

Re:WTF (4, Insightful)

AnotherBlackHat (265897) | about 6 years ago | (#22823722)

If the idea is to pick an email address that isn't in use, I recommend one ending with ".invalid" as in "address@is.invalid" or "noreply@domain.invalid"

Re:WTF (2, Informative)

assassinator42 (844848) | about 6 years ago | (#22823888)

Most do. I just searched through my emails and found none that had a "donotreply.com"ish domain. Most were either something like donotreply@example.com or something@noreply.example.com.

Re:WTF (1)

Jonner (189691) | about 6 years ago | (#22823966)

While I can't find an MX record for example.com, there is an A record for it and a web page in accordance with http://www.rfc-editor.org/rfc/rfc2606.txt [rfc-editor.org], so it's a poor choice for an email address that shouldn't go anywhere.

Re:WTF (1)

assassinator42 (844848) | about 6 years ago | (#22824116)

Sorry, by "example.com", I was referring to the actual domain of whoever was sending the email. I just used it in my post because others had mentioned that RFC.
The best reply-to email I saw was "UseTheYellowButton@ebay.com" for an email notification of an eBay message.

Re:WTF (2, Informative)

Anonymous Coward | about 6 years ago | (#22824030)

That doesn't work if your mail server is on an IP address without an assigned domain name. Many mail exchanges will not accept messages originating from mail servers without a domain name, so naming donotreply.com or something similar as the message origin is the only way to get these messages to some people.

Re:WTF (1)

lintux (125434) | about 6 years ago | (#22824044)

An idiot who doesn't know the difference between a username and a domain name but managed to get into an IT department anyway, probably.

Wikileaks (0)

Anonymous Coward | about 6 years ago | (#22823444)

There is a very easy solution if the owner of donotreply.com thinks this is a problem: sell his domain to Wikileaks for a nice sum, and both parties will be happy!

Re:Wikileaks (1)

Fjandr (66656) | about 6 years ago | (#22823490)

He doesn't really say it's a problem. He simply gets companies to donate to animal relief causes in order to have their documents pulled from his blog.

It's each company's fault if they send him confidential information. They have no business setting up From: addresses to a domain that they do not control.

Business plan (5, Informative)

Boa Constrictor (810560) | about 6 years ago | (#22823460)

It's not like he didn't see it coming -- "Unauthorized use of this domain gives me full rights to post any emails involved using the unauthorized address. Don't like it? Don't use it." The website is a blog based on the email he receives at the domain. Exploitative it may be, but I thought most folks with sense used "noreply@ourcompany.com" or variations thereof.

Re:Business plan (1, Funny)

Anonymous Coward | about 6 years ago | (#22823874)

As a proud owner of ourcompany.com domain, I don't think your suggestion is sensible at all!

Re:Business plan (2, Interesting)

Em Adespoton (792954) | about 6 years ago | (#22824072)

I wonder how much mail nospam.com gets.... it appears to be held by a portal pumper/domain squatter.

forgery? (2, Interesting)

gEvil (beta) (945888) | about 6 years ago | (#22823480)

There's gotta be some ridiculously arcane law on the books somewhere whereby the practice of using a false "from" header would be considered forgery.

Re:forgery? (4, Informative)

GregGardner (66423) | about 6 years ago | (#22823856)

Whether it is arcane or not is debatable, but the CAN-SPAM Act of 2003 specifically prohibits using a false "From" header.

http://www.ftc.gov/bcp/conline/pubs/buspubs/canspam.shtm [ftc.gov]

"It bans false or misleading header information. Your email's "From," "To," and routing information - including the originating domain name and email address - must be accurate and identify the person who initiated the email."

Re:forgery? (1)

repvik (96666) | about 6 years ago | (#22823990)

Does it matter? The "From: " header does not need to be forged. The "Reply-To: " header OTOH...

Is he going to sell his domain now? (1)

CriminalNerd (882826) | about 6 years ago | (#22823482)

I'm sure a whole lot of people are suddenly interested in owning this domain (and/or similar variations) given this new tidbit.

I wonder how long it's going to take for domain squatters or other people to attempt to approach this guy with an offer, and I wonder if he'll accept said offer. This might not bode well for the populace in general if companies don't wake up to their idiotic IT policies.

Re:Is he going to sell his domain now? (1)

Phisbut (761268) | about 6 years ago | (#22823748)

I'm sure a whole lot of people are suddenly interested in owning this domain (and/or similar variations) given this new tidbit.

I bet noreply.com [noreply.com] would get just as much mail, and the domain is for sale now.

Stupid on both sides (5, Insightful)

EdIII (1114411) | about 6 years ago | (#22823484)

Faliszek says he long ago stopped trying to alert companies about the e-mails he was receiving. It's just not worth it: Faliszek said he is constantly threatened with lawsuits from companies who for one reason or another have a difficult time grasping why he is in possession of their internal documents and e-mails.'"


Sounds like he is the one being hurt here. Of course somebody has to own that domain (I guess) and he decided too. Terrible domain name, but still not his fault.

Which brings me to:

Apparently, everyone from major US banks to the Transportation Security Administration to contractors in Iraq use some variation on the address in the "From:" field of all e-mails sent out, with the result that bounced e-mails go to the owner of donotreply.com.


All of these organizations and companies are just being cute by forging their FROM headers. Technically that should not be allowed, but you can do it anyways. They don't want to deal with it and they create "one-way" traffic by inserting bogus information into that header.

The problem is that bogus information is an actual domain that is active and running a mail server. They are treating it like is a reserved word.

The lawsuits are funny, since the header information will show conclusively that those people intentionally redirected the traffic to this guy. If anything, he can counter-sue.

The only thing I can think of is that donotreply.com becomes a reserved word, which is probably easier than getting all those mail administrators to change their behavior, or to get smarter.

In any case, the domain owner is without fault on this one. Unless you count being stupid as a fault, which picking that domain is a little unwise.

Re:Stupid on both sides (1)

similar_name (1164087) | about 6 years ago | (#22823656)

Don't forget do-not-reply.com and any other variation. It might not be so easy to reserve every bogus email that people use.

Re:Stupid on both sides (1)

fbartho (840012) | about 6 years ago | (#22823778)

hey! I know a good triple of bogus words: Google and Gmail and Googlemail. Let's keyword those. NOONE would ever think of using those as valid addresses.

(just supporting your comment that it might not be easy to define "bogus domain")

Re:Stupid on both sides (1)

MMC Monster (602931) | about 6 years ago | (#22823724)

Unless you count being stupid as a fault, which picking that domain is a little unwise.
Well, he could always give it up. I think it's a pretty cool domain name, but would not bother with it, given the amount of extraneous traffic associated with it.

Re:Stupid on both sides (3, Interesting)

EdIII (1114411) | about 6 years ago | (#22823852)

I don't think he will give it up. He says he, "receives millions of wayward e-mails each week".

I operate an email servicing company. The costs of the bandwidth alone for millions of emails each week is NOT cheap. The server may not have to be that expensive, as it is only about 2 to 10 emails per second (approx. 2 per million), which is not that outrageous. Disk space is cheap these days and he can delete a lot of stuff coming in pretty fast.

However, that bandwidth is costing him money. A fair amount of it too. Hard to say, since he is in Seattle. I would think a couple hundred bucks a month all day long if not more.

So if he is spending that kind of money to keep it, it must be making him money. That's just my opinion....

step 3 (2, Insightful)

Scrameustache (459504) | about 6 years ago | (#22823848)

The lawsuits are funny, since the header information will show conclusively that those people intentionally redirected the traffic to this guy. If anything, he can counter-sue.
Sounds like a business plan!

Re:Stupid on both sides (0)

Dhalka226 (559740) | about 6 years ago | (#22823908)

Well, I think you're giving the site operator a bit too much credit. I took a look at the actual site at that domain. I don't know if it was always this way or become it at some point in the past, but it looks like it exists for no other reason than to post these emails and make fun of the companies involved, seemingly exclusively, all the way back to late 2005 when their current site's archives end. I dug into their "Old Site" archives and it looks like this behavior began on January 30, 2004. The difference in dates isn't as impressive as it sounds; there are only 5 entries between the very first entry ever and the "I'm going to start posting these emails."

At the bottom of his site is some pseudo-legalese trying to say he's going to bill people for the emails and then post them: "Use of the domain donotreply.com is billed at $100 per day or $1 per email minimum - post billed. This domain is not for sale, nor to be used in unauthorized mailings,addresses, or automated systems. Any use of the domain that results in damage to the server may incur additional billing. Please contact chet at poe-news.com for other pricing and the billing mailing address. Unauthorized use of this domain gives me full rights to post any emails involved using the unauthorized address. Don't like it? Don't use it."

He's not a victim. Really, he's just a bit of a douche.

Re:Stupid on both sides (1)

EdIII (1114411) | about 6 years ago | (#22823962)

I had not read that far yet in the article. I know, I know a ./'er not reading the article.. for shame.

He is a "douche". But he is also a technically correct douche, the best kind douche :)

The companies are douches for forging their headers, and he is a douche for deliberately exploiting those douches. So in fact, he may be a double-douche.

Re:Stupid on both sides (1)

Hatta (162192) | about 6 years ago | (#22823984)

The companies who email him are not victims either, and still bigger douches.

Re:Stupid on both sides (1)

ceoyoyo (59147) | about 6 years ago | (#22824098)

He's probably not a victim, unless he actually intended to do something with the site before he realized how much crap e-mail it would get. He's not a douche though. In all the postings I read he removed any sensitive information. He's actually doing both the companies AND their customers a really huge favor. If he didn't own this domain do you think it would be someone who blacked out the sensitive info, or someone who tried to "monetize" it?

.invalid exists (1)

John Hasler (414242) | about 6 years ago | (#22823986)

> The only thing I can think of is that donotreply.com becomes a reserved word...

".invalid" is already a reserved top-level domain. Thus "donotreply.invalid"
would produce the desired behavior.

> ...which is probably easier than getting all those mail administrators to change their
> behavior, or to get smarter.

This guy seems to be dealing with it. Perhaps he could arrange for incoming emails to be automatically entered into a database searchable at www.donotreply.com. Should be easily doable by hacking on one of the mailing-list packages.

Cease and Desist Letters for legally owned domains (3, Funny)

PhreakOfTime (588141) | about 6 years ago | (#22823512)

I find myself in a somewhat similar situation. I was supposed to do some work for a company who later ended up folding because of 'bad management', and I was left holding the bag on the domain I purchased at their instruction, that they never paid me for.(they didnt want to buy it, I dont know?).

Other than getting all the requests for 'why havent you paid us yet', the end result is that almost 2 years later these people are COMING AFTER ME WITH A CEASE AND DESIST LETTER and demanding that I turn over this domain and others to them for free because it 'infringes on their copyright'. Although, I honestly can say Im not suprised that Caton Commercial, the real estate company who is operating as the umbrella company for all these shell companies who eventually go under, doesnt know its ass from a whole in the ground.

Knowing full well that this sort of behavior is borderline as far as being professional, I posted the full contents of the Cease and Desist Letter sent by a Mr John Argoudelis [demystify.info] online so anyone thinking of working with this company may come across this sort of behavior and maybe think twice. Lawyers and Real Estate agents.... whew... what a combo of integrity!

The company is also involved in numerous court cases relating to other aspects of their business practices. Ive posted a short description of the Will County court cases that caton commercial is involved in [blackjackandhookers.org] at my blackjack and hookers site.

In fact, forget the blackjack!

Re:Cease and Desist Letters for legally owned doma (2, Funny)

moderatorrater (1095745) | about 6 years ago | (#22823612)

In fact, forget the blackjack!
I went to hookers.com, and it doesn't look like your site at all! In fact, it's...

Just a minute, my boss just walked up with a box.

Re:Cease and Desist Letters for legally owned doma (1)

sjames (1099) | about 6 years ago | (#22823790)

Just re-direct all email and web for that domain to a collection agency. You might even be able to contract for finder's fees.

That or put up a zone file pointing to 127.0.0.1 for the A record.

Never thought of "donotreply.com" (1)

Duncan Blackthorne (1095849) | about 6 years ago | (#22823532)

I have used "no.one@nowhere.org" and "some.one@somewhere.org" as bogus email addresses before, but never thought of using "donotreply.com" for anything. In fact, I'd pay good money (and have offered several times, only to be ignored) to have an email address @somewhere.org or @nowhere.org..

I have a suggestion: (5, Funny)

Lxy (80823) | about 6 years ago | (#22823554)

1. Company A uses companya@donotreply.com as it's return address

2. Donotreply owner sets up an autoreply for companya@donotreply.com. This auto-reply should be inappropriate, goatse is definitely an option.

3. Company A loses customers in droves, problem solved.

Re:I have a suggestion: (1)

EdIII (1114411) | about 6 years ago | (#22823684)

Your that type of kid that put the flaming bag of dog doody on my front porch aren't you?

Yeah you are... I got your number :)

RFC 2606 (5, Informative)

mmontour (2208) | about 6 years ago | (#22823566)

RFC 2606 [rfc-editor.org] (dated June 1999) solves this problem by defining reserved domains such as "example.com" (for use in documentation) and:

            ".invalid" is intended for use in online construction of domain
            names that are sure to be invalid and which it is obvious at a
            glance are invalid.

A possible use for example.com (3, Informative)

stevel (64802) | about 6 years ago | (#22823568)

ICANN reserved example.com, example.org and example.net for use in documentation and other places where you want to put an "example" domain name, but I find that most people are not aware of this. Email sent to these domains is discarded.

For reply addresses, a more reasonable protocol would be to use the sender's actual domain but with an invalid username, as Poromenos1 suggests. A further problem of using a domain not your own as a sender address is that the recipient's email server may block it due to SPF records or other checks on sender domains.

I remember once getting an incensed missive from the owner of asdfg.com who complained about emails we were sending him regarding updates of our product. Turned out that a user had entered that domain when he registered the product in an attempt to not get our emails.

Re:A possible use for example.com (1)

Niten (201835) | about 6 years ago | (#22823706)

Good point, but just to nitpick:

A further problem of using a domain not your own as a sender address is that the recipient's email server may block it due to SPF records or other checks on sender domains.

SPF policies apply only to the envelope sender address, not the message's From: header.

Re:A possible use for example.com (3, Insightful)

noidentity (188756) | about 6 years ago | (#22824062)

I remember once getting an incensed missive from the owner of asdfg.com who complained about emails we were sending him regarding updates of our product. Turned out that a user had entered that domain when he registered the product in an attempt to not get our emails.

I usually just do admin@domain, where domain is the domain of the stupid website I'm trying to access which pointlessly requires me to register first. The solution is to not require registration, rather than trying to block all the bullshit addresses the user might enter.

Re:A possible use for example.com (1)

RyoShin (610051) | about 6 years ago | (#22824102)

I remember once getting an incensed missive from the owner of asdfg.com who complained about emails we were sending him regarding updates of our product. Turned out that a user had entered that domain when he registered the product in an attempt to not get our emails.
Heh. When I'm feeling less vulgar and need a fake address, I use the e-mail address "bob@bob.com". I never thought about who might actually get the e-mails and see what kind of sites I visit. Visiting bob.com just now, I can't tell what the hell they do, so I'm not as worried about them getting annoyed by reckless e-mail.

However, I do know the annoyance that what wrong addresses can do. Even on a single-user basis, it can be annoying as hell. I have an alternative gmail address that was supposed to be used for purely business purposes ("what's a tukaro?"). I have a rather generic name, even including the middle name, so it took some time to find one that fit and was free.

As it turns out, someone decided to get this same handle, but for a yahoo (or some other) account. I'm not sure if the guy was moving from or to the account, but he changed his address and wound up changing a lot of his accounts to use my gmail address. It was funny at first when I'd get a newsletter or something (just removed myself), but then he would order stuff with my e-mail address. (The companies he signed up with apparently don't bother to confirm addresses when you change them, so I got no mail when he did so.) First was a record from some Yahoo! store. I explained the situation, he had paid and everything, but they cancelled the order and said it was fraud. (They later added an update with the e-mail I sent them.) Not my intention, but on well.

Later he purchased a vase or something from Overstock.com. I was able to change his password to get in (good thing they don't just send a plain-text one) and got his mailing address (I had access to the phone number but did not write it down). I then contacted Overstock about the situation- they said they would try to contact him and continue to ship the order. A day or two later he had recovered the account and changed the address.

I was fine to let it be at that point, but this guy must have been some great kind of idiot. A few months later he apparently needs a loan for a car, so he heads to Roadloans.com. Not only does he put in my address, but he summarily gets denied and my account is suddenly littered with spam. I don't post this address anywhere (except for one resume page on a personal domain, which a bot would have to luck upon because it's not linked anywhere and has a non-obvious URL), so I'm fairly certain his sign up with roadloans caused it.

At this point, I got fed up, grabbed the physical address I had for him, and wrote out a rather stern letter telling him that he needs to stop this, that I'm getting tired of it, and that he should consider himself lucky that the account didn't belong to a nefarious individual. I sent it off in the mail and haven't had a problem since. The first and last thing I got meant for him had a time difference of a year and a half. Makes me wonder what else he's signed me up for.

Rather funny after the fact, but fairly annoying during the whole thing. I still get spam to that account, too, though it's decreased. I can't imagine the aggravation that would be caused from hundreds or more people putting his domain address down.

My domain (2, Insightful)

Cytlid (95255) | about 6 years ago | (#22823572)

Because I have the existential geek name, as it appears in so many tech books, I registered Fredtest.com. You would be surprised how many other IT Fred's out there send mail to Fred@fredtest.com.

I got bored with replying (some guy in SanDiego is a real estate agent for ReMax, I don't think he ever got it), so I just limited what my mail server will accept.

  Now it just bounces back to the sender and hopefully they think "oops, perhaps I shouldn't do that", which is what I believe this guy should do. Discourage the bad behavior, don't exploit it.

So far (1)

papermate (1170661) | about 6 years ago | (#22823576)

Faliszek says his blog has raised roughly $5,000 for local dog pounds.
He could probably raise more money by suing them for all that spam.

Reminds me of the time... (1)

x1000101 (1248730) | about 6 years ago | (#22823580)

I had an email addy from a large internet provider and apparently a lot of people thought it was theirs! Interesting emails I would get from peoples, friends, wives, coworkers...etc... even signup/login information for some websites. Replied to some people telling them I wasn't who they thought I was and one of them flipped out and told me off...

Fowarding + Wikileaks = hilarity (0)

Anonymous Coward | about 6 years ago | (#22823600)

For some real fun, he should forward all of the incoming mail to wikileaks.

Sort of like copying to file... (3, Interesting)

ShaunC (203807) | about 6 years ago | (#22823618)

For a long time, I had the screen name "File" on AOL. I'm not sure where the practice originates (perhaps Lotus), but many, many AOL users would compose an email and cc it to "File" thinking they were saving a copy for themselves. I wound up with all sorts of interesting stuff over the years.

I did this once. (4, Funny)

ScottForbes (528679) | about 6 years ago | (#22823628)

Many years ago I (briefly) owned the e-mail address uucp@aol.com, which received all sorts of interesting messages from platforms that blindly assumed everyone else was running Unix too. After suspending the address and asking AOL to put it on their reserved list (which they did), I wrote it up for the RISKS Digest. [ncl.ac.uk]

Re:I did this once. (4, Interesting)

kju (327) | about 6 years ago | (#22823968)

I had a similar experience. A mobile phone operator (now defunct) allowed its customers to get mailadresses under their domain. So i got postmaster@domain which was accepted happily by the system. I deleted the alias a few days later though, because the amount of mail really got out of hand. I heard from another sysadmin who using the forged name "Andreas Buse" registered the mailadress abuse@... with his provider. :-)

Sell captured emails (3, Insightful)

OrangeTide (124937) | about 6 years ago | (#22823658)

He should provide a search feature for all the email, archive it. and then sell full content any email on the site for $1. There might be interesting stuff he's catching, especially if legal departments of various companies are going after him.
(no I didn't RTFA)

Reminds me of my younger days (5, Funny)

eln (21727) | about 6 years ago | (#22823660)

I remember during my very first paying job as a sysadmin (1997-ish), I was tasked to set up a new mail server. For some reason, I decided as part of my testing to send email to an "invalid" remote address that I came up with off the top of my head (bob@bob.com I think it was, or maybe foo@foo.com or something like that). So, I wrote a script that just sent thousands of emails out at once to this address. Within maybe 20 minutes, I get an angry phone call from the domain owner telling me to stop spamming him.

I learned my lesson, though. Now I never put my real phone number in the whois record for my domains.

Re:Reminds me of my younger days (1)

DirePickle (796986) | about 6 years ago | (#22823834)

Poor bob@bob.com! That used to be my default email to use when registering at potentially-spammy sites!

Re:Reminds me of my younger days (1)

Monkeyman334 (205694) | about 6 years ago | (#22823942)

I had a friend that worked for a major online phone book. Among the features was a reverse lookup. As a joke, they found a guy named "I. P. Freely" and put his phone number in the example block. So, if someone was feeling adventurous or curious they'd look it up and get a good laugh. Well, one day they got a phone call, it was I. P. Freely, and he politely asked that his name be taken off the example.

I didn't learn any lessons. It just made me wonder why on earth someone named I. P. Freely would use his initials in the phone book instead of his full name.

Re:Reminds me of my younger days (1)

hardburn (141468) | about 6 years ago | (#22823950)

I hope you were being sarcastic, because otherwise, I think you learned the wrong lesson . . .

donotreply.com (1)

hansamurai (907719) | about 6 years ago | (#22823664)

This is a fun site to read, but it doesn't appear he has updated it in over a month! Hopefully not all of these companies have caught on by now...

Faliszek? (1)

Netsabes (255282) | about 6 years ago | (#22823710)

Faliszek? Chet Faliszek? A "Seattle-based programmer"? Ah! That must be half of Old Man Murray, then. Also the writer of Valve's upcoming Left 4 Dead.

Been there, done that (1)

HardCase (14757) | about 6 years ago | (#22823730)

I used to have me@myself.com from mail.com (I guess they've morphed into something else). I thought that it would be cute. It was an utter waste of my bandwidth.

I used to host nospin.com. You wouldn't believe all of the bizarre crap that came in for Bill O'Reilly. I used to forward them on, but the sheer volume and, well, stupidity made me trash them instead.

blahblah.com (1)

MrMunkey (1039894) | about 6 years ago | (#22823750)

I used to work for a company where the owner's son owned the domain blahblah.com. It was a way for this guy (in his 30's) to have a forum and talk with what seemed to be teens. Anyway, we had to block all the junk mail that came in. That's when I opted for a spam blocking service through Sprint so that we didn't have to deal with all the traffic. How many times have you put in blah@blahblah.com on some stupid form?

Re:blahblah.com (1)

techno-vampire (666512) | about 6 years ago | (#22823924)

How many times have you put in blah@blahblah.com on some stupid form?


I haven't done that, but I used to do something much worse. At one point, for my sins, I served time on the helldesk of an ISP. Every now and then I'd make a note of the email address of a foul-mouthed, abusive caller who really didn't deserve the good service i tried to give everybody. For the next several weeks I'd have fun signing them up for mailing lists, newsletters and using their name on those stupid webforms that want your email address even though they have no legitimate use for it.

Who is getting all my mail? (0)

Anonymous Coward | about 6 years ago | (#22823768)

Is it you?

Sincerely,
Slashdot_User@127.0.0.1

Damn! I wish I had this domain! (1)

kimvette (919543) | about 6 years ago | (#22823794)

I wish I had this domain! Getting insider info on all these companies - - one could make a fortune on the stock market!

Heh - Been there, done that (5, Funny)

filesiteguy (695431) | about 6 years ago | (#22823812)

Reminds me of when I was the email admin at Hershey Business Systems - a Los Angeles based integrator - in the '90s. Because the domain - hbsi.com - was taken, the owners took hershey.com back in 1994.

My favorites:

Sent: Sunday, July 04, 1999 8:12 AM
To: kai@hershey.com
Subject: From: Kim!!
Hi! grandma I am so thankful that you came all the
way from Florida to see me and by the way..... thanx
for the choc cookie!! and next time you come over
could you bring the extra pleasure condoms. I need
them for me and Ryan.
love you Grandma!!
Kim

Sent: Monday, July 05, 1999 12:09 PM
To: Kim
From: Kai
Subject: From: Kim!!

Kim:

We are not your grandmother.

Kai Ponte
Hershey Business Systems

Then there was this one from an AOL member (figures):

From: TrtleGrl69@aol.com
Sent: Wednesday, August 11, 1999 2:19 PM
Subject: no response to our email dealing with
            dead bugs in my payday
I am extremely disappointed at the fact you have not
responded to this incident. I'm upset that I purchased a
payday and began eating it and ended up seeing a worm like
bug with bug carcasses and holes in and on the candy
bar.
I ... will continue to write you until I get a response.
Talk about extremely bad customer service.
Chad Weaver

I liked my response:

From: Ponte, Kai <kai@hershey.com>
Sent: Monday, August 30, 1999 7:20 AM
To: TrtleGrl69@aol.com
Subject: RE: no response to our email
                          dealing with dead bugs in my payday

The worm like creature you found - was it alive?

Did it taste good?

Kai Ponte
Information Technology Specialist
Hershey Business Systems

They should be using... (4, Informative)

msauve (701917) | about 6 years ago | (#22823832)

donotreply.invalid or example.com. These are reserved for just this sort of thing by RFC 2606 [rfc-editor.org].

In a similar manner, people wanting fake IP addresses to use for documentation, training, etc., should use addresses in the 192.0.2.0/24 range, which is reserved by RFC 3330 [rfc-editor.org].

How many emails does he get (0)

Anonymous Coward | about 6 years ago | (#22823844)

How many emails does he gets with just "OK" in the body?

I use .... (1)

rahvin112 (446269) | about 6 years ago | (#22823872)

I use bob@aol.com for situations similar to this or where it's just a spam harvesting operation. I sometimes feel bad for Bob, then I remember Bob uses aol and I don't feel so bad for Bob.

How about nospam.com? (3, Interesting)

billsf (34378) | about 6 years ago | (#22823890)

Actually that one is taken and its DNS is: {ns1/ns2.anything.com}. I fully agree these are overly generic (both of the past domains qualify) and should be 'reserved' for nobody, and that isn't {nobody.com}... It all depends on who runs the TLD. Some are more permissive than others. Playing 'by the book', '.com' probably allows some very tacky names -- Its a 'generic domain'. A geographic TLD would take quite some care to avoid misuse. Clearly, names of government agencies are to be avoided, but does '.com'? I don't think any individual would ever get, {fbi.us} or, heaven forbid, {irs.us} or here, {avid.nl} or anything with 'belasting' in it, unless you really are the 'tax people'.

At first I thought all this (domain hacks) was quite funny. However, it is unfortunate so many see the net as one big crime spree.

test.com (1)

Mr. Jax (686488) | about 6 years ago | (#22824068)

At the last place I worked all the developers constantly used test.com and QA used that domain for testing as well. The server also sent out these emails. Me thinks there are a lot more people sending mail to test.com.

He's not just some guy in Seattle... (4, Informative)

Mr2001 (90979) | about 6 years ago | (#22824146)

The guy who runs donotreply.com is Chet Faliszek, one half of the "Chet and Erik" who ran the gaming humor site Old Man Murray [oldmanmurray.com] and then went on to write the dialogue for Portal.

Incidentally, they never did send me a prize for winning that CrateMaster contest. Bastards!
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...