What Happens To Bounced @Donotreply.com E-Mails
An anonymous reader writes "The Washington Post's Security Fix blog today features a funny but scary interview with a guy in Seattle who owns the domain name donotreply.com. Apparently, everyone from major US banks to the Transportation Security Administration to contractors in Iraq use some variation on the address in the "From:" field of all e-mails sent out, with the result that bounced e-mails go to the owner of donotreply.com. 'With the exception of extreme cases like those mentioned above, Faliszek says he long ago stopped trying to alert companies about the e-mails he was receiving. It's just not worth it: Faliszek said he is constantly threatened with lawsuits from companies who for one reason or another have a difficult time grasping why he is in possession of their internal documents and e-mails.'"
It's not like he didn't see it coming -- "Unauthorized use of this domain gives me full rights to post any emails involved using the unauthorized address. Don't like it? Don't use it." The website is a blog based on the email he receives at the domain. Exploitative it may be, but I thought most folks with sense used "noreply@ourcompany.com" or variations thereof.
RFC 2606 (dated June 1999) solves this problem by defining reserved domains such as "example.com" (for use in documentation) and:
".invalid" is intended for use in online construction of domain names that are sure to be invalid and which it is obvious at a glance are invalid.
May I suggest reading RFC 2606, Reserved Top Level DNS Names. There is example.com for a reason.
http://tools.ietf.org/html/rfc2606
Surely they should use example.com (documented in RFCs to never be a real domain). It has no MX and points to a simple web page that just says it's an example for documentation and gives a link to the relevant RFC.
donotreply.invalid or example.com. These are reserved for just this sort of thing by RFC 2606.
In a similar manner, people wanting fake IP addresses to use for documentation, training, etc., should use addresses in the 192.0.2.0/24 range, which is reserved by RFC 3330.
"National Security is the chief cause of national insecurity." - Celine's First Law
Whether it is arcane or not is debatable, but the CAN-SPAM Act of 2003 specifically prohibits using a false "From" header.
http://www.ftc.gov/bcp/conline/pubs/buspubs/canspam.shtm
"It bans false or misleading header information. Your email's "From," "To," and routing information - including the originating domain name and email address - must be accurate and identify the person who initiated the email."
The guy who runs donotreply.com is Chet Faliszek, one half of the "Chet and Erik" who ran the gaming humor site Old Man Murray and then went on to write the dialogue for Portal.
Incidentally, they never did send me a prize for winning that CrateMaster contest. Bastards!
Visual IRC: Fast. Powerful. Free.