Slashdot Mirror

← Back to Stories (view on slashdot.org)

What Happens To Bounced @Donotreply.com E-Mails

Posted by ScuttleMonkey on from the lazy-people-who-can't-configure-mail-servers-to-do-their-bidding dept.

An anonymous reader writes "The Washington Post's Security Fix blog today features a funny but scary interview with a guy in Seattle who owns the domain name donotreply.com. Apparently, everyone from major US banks to the Transportation Security Administration to contractors in Iraq use some variation on the address in the "From:" field of all e-mails sent out, with the result that bounced e-mails go to the owner of donotreply.com.'With the exception of extreme cases like those mentioned above, Faliszek says he long ago stopped trying to alert companies about the e-mails he was receiving. It's just not worth it: Faliszek said he is constantly threatened with lawsuits from companies who for one reason or another have a difficult time grasping why he is in possession of their internal documents and e-mails.'"

5 of 286 comments (clear)

  1. *Cough* by geekoid · · Score: 5, Insightful

    wikileaks might be a good place to expose those documents. Hey, They sent them to YOU. It's will only take a few and this will be curbed.

    --
    The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
    1. Re:*Cough* by slawo · · Score: 5, Insightful

      In return he could sue the hell out of them for falsifying their e-mail headers and addresses and for using his domain name without his permission.
      In addition I'm pretty sure someone could probably find a way to use US copyright laws and make them pay money for using his domain name (Intellectual Property) without his permission.

      --
      The road to hell is paved with good intentions...
  2. WTF by Poromenos1 · · Score: 5, Insightful

    What idiot decided this was good policy anyway? What happened to donotreply@companydomain.com?

    --
    Send email from the afterlife! Write your e-will at Dead Man's Switch.
    1. Re:WTF by EdIII · · Score: 5, Insightful

      That is what you are supposed to do of course. If you are operating a mail server you are NEVER supposed to put information for domains you don't control into the headers. That is what spammers do.

      Now that I have thought about it a bit more, this is about the money. If they put donotreply@companydomain.com, then the inevitable replies would eat up their bandwidth and processing power on their incoming mail servers.

      By forging that information, which is not good policy, they are intentionally redirecting that reply to somewhere else. They may have thought that the sending mail server would simply give a permanent delivery failure notice to the sender, but in this case that forged information leads to an active mail server which accepts all of those emails.

      Who is the bigger "butthead" here? The companies intentionally forging their emails or the guy who owns this domain and is exploiting this companies (after they have already harassed him) to save a couple of animals?

  3. Stupid on both sides by EdIII · · Score: 5, Insightful

    Faliszek says he long ago stopped trying to alert companies about the e-mails he was receiving. It's just not worth it: Faliszek said he is constantly threatened with lawsuits from companies who for one reason or another have a difficult time grasping why he is in possession of their internal documents and e-mails.'"


    Sounds like he is the one being hurt here. Of course somebody has to own that domain (I guess) and he decided too. Terrible domain name, but still not his fault.

    Which brings me to:

    Apparently, everyone from major US banks to the Transportation Security Administration to contractors in Iraq use some variation on the address in the "From:" field of all e-mails sent out, with the result that bounced e-mails go to the owner of donotreply.com.


    All of these organizations and companies are just being cute by forging their FROM headers. Technically that should not be allowed, but you can do it anyways. They don't want to deal with it and they create "one-way" traffic by inserting bogus information into that header.

    The problem is that bogus information is an actual domain that is active and running a mail server. They are treating it like is a reserved word.

    The lawsuits are funny, since the header information will show conclusively that those people intentionally redirected the traffic to this guy. If anything, he can counter-sue.

    The only thing I can think of is that donotreply.com becomes a reserved word, which is probably easier than getting all those mail administrators to change their behavior, or to get smarter.

    In any case, the domain owner is without fault on this one. Unless you count being stupid as a fault, which picking that domain is a little unwise.