Slashdot Mirror
What Happens To Bounced @Donotreply.com E-Mails
An anonymous reader writes "The Washington Post's Security Fix blog today features a funny but scary interview with a guy in Seattle who owns the domain name donotreply.com. Apparently, everyone from major US banks to the Transportation Security Administration to contractors in Iraq use some variation on the address in the "From:" field of all e-mails sent out, with the result that bounced e-mails go to the owner of donotreply.com.'With the exception of extreme cases like those mentioned above, Faliszek says he long ago stopped trying to alert companies about the e-mails he was receiving. It's just not worth it: Faliszek said he is constantly threatened with lawsuits from companies who for one reason or another have a difficult time grasping why he is in possession of their internal documents and e-mails.'"
There's gotta be some ridiculously arcane law on the books somewhere whereby the practice of using a false "from" header would be considered forgery.
This guy's the limit!
Well, if you are signing up for a network management seminar, or something of the like, then you might also be the person that gets abuse@yourcompany.com, admin@yourcompany.com, it@yourcompany.com and a host of other generic email addresses. So perhaps you don't want them to even have your domain name?
No comprende? Let me type that a little slower for you...
For a long time, I had the screen name "File" on AOL. I'm not sure where the practice originates (perhaps Lotus), but many, many AOL users would compose an email and cc it to "File" thinking they were saving a copy for themselves. I wound up with all sorts of interesting stuff over the years.
Thanks to the War on Drugs, it's easier to buy meth than it is to buy cold medicine!
I don't think he will give it up. He says he, "receives millions of wayward e-mails each week".
I operate an email servicing company. The costs of the bandwidth alone for millions of emails each week is NOT cheap. The server may not have to be that expensive, as it is only about 2 to 10 emails per second (approx. 2 per million), which is not that outrageous. Disk space is cheap these days and he can delete a lot of stuff coming in pretty fast.
However, that bandwidth is costing him money. A fair amount of it too. Hard to say, since he is in Seattle. I would think a couple hundred bucks a month all day long if not more.
So if he is spending that kind of money to keep it, it must be making him money. That's just my opinion....
Actually that one is taken and its DNS is: {ns1/ns2.anything.com}. I fully agree these are overly generic (both of the past domains qualify) and should be 'reserved' for nobody, and that isn't {nobody.com}... It all depends on who runs the TLD. Some are more permissive than others. Playing 'by the book', '.com' probably allows some very tacky names -- Its a 'generic domain'. A geographic TLD would take quite some care to avoid misuse. Clearly, names of government agencies are to be avoided, but does '.com'? I don't think any individual would ever get, {fbi.us} or, heaven forbid, {irs.us} or here, {avid.nl} or anything with 'belasting' in it, unless you really are the 'tax people'.
At first I thought all this (domain hacks) was quite funny. However, it is unfortunate so many see the net as one big crime spree.
I had a similar experience. A mobile phone operator (now defunct) allowed its customers to get mailadresses under their domain. So i got postmaster@domain which was accepted happily by the system. I deleted the alias a few days later though, because the amount of mail really got out of hand. I heard from another sysadmin who using the forged name "Andreas Buse" registered the mailadress abuse@... with his provider. :-)
I wonder how much mail nospam.com gets.... it appears to be held by a portal pumper/domain squatter.
Kicks and giggles. I thought it would be funny to have an @donotreply.com e-mail address. had I known about all the crap that would filter through, I probably would have sold it.
"Teach a man to build a fire, and he's warm for a day. Set a man on fire and he's warm for the rest of his life."
think about it - the CAN SPAM act makes it a felony for commercial enterprises to "materially falsifi[y] header information," which is EXACTLY what the bozos who cause this problem are doing.
If I owned the domain, I'd be contacting every commercial enterprise who's email got bounced to me, and letting them know that for a nominal fee, they could avoid my getting the feds to take notice of their illegal activities.
"National Security is the chief cause of national insecurity." - Celine's First Law
for years and he never complains. I liked the Wikileaks idea though.
They sent them to some misspelled or otherwise bad address at some _other_ domain, which bounced them to donotreply.com.
They used 'something@donotreply.com' as their email address, even though they didn't own 'donotreply.com'.
Then, they sent email to a bad address at another domain, who then bounced the message too 'something@donotreply.com'.
That's also pretty stupid.
My family used to have a number just 3 off from a very popular pharmacy in town. We got wrong numbers on a regular basis, but shrugged it off.
One night, very late, someone called and was quite upset that not only weren't we the pharmacy, but that we couldn't transfer their call to the pharmacist. This in the days when yoh could choose pluse or tone dial phones. My mom lost her cool and gave the caller quite a talking to.
The pharmacy owner called the next day and began to chew me out (I was home sick, sheesh) for being so rude to callers that had made such an innocent mistake. I shared with him what my mom said the caller said. And I let him know that I'd have my mom call him as soon as she got in.
We know the pharmacist's home numnber. He's on the City Council. Needless to say, my mom didn't call him until a little later in the evening. And he was both rude and upset. Especially when he realizes that he actually knows my mom from business dealings (ok,ok, she represented several manufacturing firms). We (I was her partner in crome a lot) attend the next Council meeting. He spies us.
Never heard from him again. We had that number for 12 years. He got over it. People still called all hours of the day and night. We usually just hung up after that.
Ah, the good old days of rotary dial.
deleting the extra space after periods so i can stay relevant, yeah.
Node.com had a number of similar problems.
It first existed before canned sendmail configurations from vendors were common, when mail bounced from site to site much like Internet packets from router to router (rather than straight over the net to the target's Mail Transfer Agent), and most sites hacked up their own MTA configurations. A significant number of system administrators (especially at big companies and universities) got the bright idea that their users were likely to follow the manual too closely and send mail to "user@node.com". So they'd hotwire their MTA config such that mail to "@node.com" would bounce the mail with a friendly note to the user.
Of course that massively disrupted mail to node.com. So the sysadmin, from time to time, had to hunt down another "helpful" site's mail admin and educate him.
He also set up a "user"(@node.com) account and used the "vacation" program to send the "helpful letter", thus providing the service for the entire net. Vacation saves the incoming mail, too. It turns out the "problem" was essentially non-existent. "user@node.com" only got one or two mails per month - at least until some idiots used "user" and "node.com" as the default fields in their mailing list signup pages... And then the spammers got hold of it...
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
I bet he's at the Guantanamo Bay Resort and Re-education facility now...
Ramen