
They Told You Not To Reply

When businesses want to communicate with their customers via e-mail, many send messages with a bogus return address, e.g. "somethinghere@donotreply.com." The practice is meant to communicate to recipients that any replies will go unread.

But when those messages are sent to an inactive e-mail address or the recipient ignores the instruction and replies anyway, the missives don't just disappear into the digital ether.

Instead, they land in Chet Faliszek's e-mail box.

As owner of www.donotreply.com, the Seattle-based programmer receives millions of wayward e-mails each week, including a great many missives destined for executives at Fortune 500 companies or bank customers, even sensitive messages sent by government personnel and contractors.

The majority of the e-mails naturally are from spammers, who also are quite fond of using Faliszek's domain name in the "From" field of their junk e-mails. Some of the non-spam bounce-backs are fairly harmless, like the ones he gets every so often from desperate, hungry people who bought a CharBroil brand grill but can't get the thing to work properly.

"Instead of letting people just hit reply to these support mails, they make the customer click on a link," Faliszek said. "It's sad, too, because I'll get these e-mails from people and they're like 'Oh, man, I really wanted to grill, but it's not working.' Sometimes they'll even send pictures of their grill, too."

But many of the misdirected e-mails amount to serious security and privacy violations. In February, Faliszek began receiving e-mails sent by Yardville National Bank in New Jersey (now part of PNC). Included in the message were PDF documents detailing every computer the bank owned that was not currently patched against the latest security vulnerabilities. Faliszek has so far amassed more than 200 reports about the bank detailing computers, full branch reports and graphs showing the top 10 most vulnerable systems.

In a blog post cleverly titled "What's in Your Return Address Field," Faliszek posted another bank screw-up last month after he began receiving replies from Capital One customers inquiring about various details of their accounts. He says Capital One appears to have used donotreply.com as the return address for automated payment transfers and debits set up by customers.

Faliszek also routinely receives bizarre e-mails from Kellogg Brown & Root, a Houston-based engineering company and former subsidiary of Halliburton. He said it looks like someone at KBR has set up a system that scans incoming faxes as PDFs and mails them off to various recipients.

"It's really kind of weird, because I'll get these faxes from Iraq, where they talk about various camps, when and where they're moving the support equipment, what they're buying, accident reports, and information on people applying for jobs," Faliszek said.

Faliszek bought donotreply.com back in 2000 when he and some friends were running an e-mail service. But he never imagined he would get such a huge volume of misdirected mail.

"We started thinking of all the stupid e-mail names we could register, and we all thought it would be funny to send e-mail from an account at donotreply.com," Faliszek said.

With the exception of extreme cases like those mentioned above, Faliszek says he long ago stopped trying to alert companies about the e-mails he was receiving. It's just not worth it: Faliszek said he is constantly threatened with lawsuits from companies who for one reason or another have a difficult time grasping why he is in possession of their internal documents and e-mails.

"I've had people yell at me, saying these e-mails are marked private and that I shouldn't read them," Faliszek said. "They get all frantic like I've done something to them, particularly when you talk to the non-technical people at these companies."

Instead, he blogs about the most interesting ones. Companies embarrassed by having their e-mails posted online can get him to pull the entries from his blog for a small payment. The normal fee to be removed from the site is proof of a donation to an animal protective league or humane society. So far, Faliszek says his blog has raised roughly $5,000 for local dog pounds.

By Brian Krebs  |  March 21, 2008; 9:30 AM ET
Categories:  From the Bunker , Latest Warnings , Safety Tips  

Comments

As the owner of deadbeef.com I see the same kind of stuff, but as much volume. There have been only a few nerds who thought sending email from deadbeef.com would be funny, not realizing that it was a real domain.

Posted by: Jeremy | March 21, 2008 3:11 PM | Report abuse

uh nice try..

so instead of not having a "catch-all" account name under that domain so you don't have to deal with these emails, you prefer to just grab everything, post it online and then extort companies for money to have them removed?

Posted by: anonymous | March 21, 2008 4:43 PM | Report abuse

Well, they made a mistake, they should have realized that this can really happen.

Posted by: Jason | March 21, 2008 4:48 PM | Report abuse

It's not extortion, it's "forced charity."

Posted by: Anonymous | March 21, 2008 4:52 PM | Report abuse

Uh, anonymous person, if you do not understand how technology works, please stand back and let the professionals handle it.

But, in this particular case, let me clear up a misconception for you, someone who obviously has never run a mail system before.

You DO NOT HAVE TO HAVE A CATCH-ALL. Most mail systems drop such emails into the postmaster's box for the postmaster to handle.

*sigh* I am constantly surprised by how loudly people who do not know what they're talking about, speaks.

Posted by: goodb0fh | March 21, 2008 4:52 PM | Report abuse

"you prefer to just grab everything, post it online and then extort companies for money to have them removed?"

Sounds like a great idea. STUPIDITY SHOULD BE PAINFUL. Pain is nature's way of telling you you are doing it wrong. If some company is so stupid as to put a valid email address which is not under their control as the "reply to" address, they are stupid. It is a stupidity that, unfortunately, tends to hurt anyone who receives the email, rather than the company from which the stupidity originated. It is also a copout, as the only reason to do this is as a way to prevent the dull ones, or the ones who are in a hurry, from reaching someone who can address their issues. Hopefully enough of this pain gets back to the origin of the stupidity to make a difference.
Making stupid companies pay is a valid service to the universe. It reduces stupidity. The best/worst thing? Stupidity is a renewable resource.


Posted by: Phil Smith | March 21, 2008 5:02 PM | Report abuse

re: I am constantly surprised by how loudly people who do not know what they're talking about, speaks.

Too true. Those who know the least speak the most. Thanks for the laugh 8^)

Posted by: cunning linguist | March 21, 2008 5:07 PM | Report abuse

I have a PO Box that receives mail addressed to others. Should I read the mail? It is completely immoral to violate a person's privacy or extort money from a company on the grounds that they are not tech savy. Ownership of the mail box does not imply ownership of the contents.

Posted by: josh | March 21, 2008 5:07 PM | Report abuse

Love that he ties this in with generating $ for charities. Brilliant!

Posted by: SuperFly | March 21, 2008 5:07 PM | Report abuse

I used to get this all the time when I had wildcard email for some of my dictionary-word domain names. It finally got to be too much... especially when I'd get hit with 20,000 bounce-backs from some spammer's advertising blitz.

As for the people threatening the domain owner, I'd remind them that they are the ones doing email (nay, identity) forgery and can be held liable for damages.

Posted by: Anonymous | March 21, 2008 5:10 PM | Report abuse

Seeing that the companies that use donotreply.com are basically forging their headers, which I thought was illegal or at least a gray area, I'm fine with him getting a bit of money out of them.

Posted by: Ryan | March 21, 2008 5:13 PM | Report abuse

Worked for a company that didn't understand the problem. First they used test.com as a dummy email address. Until they were threatened by the owner of test.com. Then some genius decided to use abc.com. Hmmmm. That sounds like a large company to me. I set up a dummy email account on the company server and created a task to delete any incoming emails.

Posted by: QA | March 21, 2008 5:13 PM | Report abuse

He could very easily just have his email server delete all of these, but he apparently has too much fun reading them all. Not to mention too much free time.

Posted by: Geek | March 21, 2008 5:16 PM | Report abuse

> "I have a PO Box that receives mail addressed to others. Should I read the mail?"

If you read the story you'll see the email is actually addressed to him. If I were to send you a letter to your PO Box, why would I PURPOSELY address it to someone else? That is what these people are doing. I know I'd be pissed if people put my return address on crap they are mailing out.

Posted by: Anonymous | March 21, 2008 5:16 PM | Report abuse

right on! great work and shame on admins who send from donotreply.com, clearly a legit domain name. it's one thing to be too lazy to process responses to mass emails (you do get a lot of bounce backs, out of office replies, etc...), and it makes sense to have users click a link instead, but take the responsibility of creating your own "catch-all" address in your own domain "donotreply@foo.com" so that at least dumb users (yes there are a few out there) who choose not to read and so hit "reply" can at least get the bounce back themselves.
I hope the companies make the admins pay the donations, or at least make them buy a book.

Posted by: i see stupid people | March 21, 2008 5:17 PM | Report abuse

@ Josh:

It's not the same.

The email is addressed *to* donotreply.com. The fact that the companies were stupid enough to say "this email came from donotreply.com" makes it more akin to a company having all customer complaints going to your PO Box in the hopes they won't have to deal with them.

Posted by: Dustin | March 21, 2008 5:18 PM | Report abuse

"I have a PO Box that receives mail addressed to others. Should I read the mail? It is completely immoral to violate a person's privacy or extort money from a company on the grounds that they are not tech savy. Ownership of the mail box does not imply ownership of the contents."

If they are smart enough to rewrite mail headers, they should be smart enough to NOT use a valid domain name.

Posted by: If your mouth is open you are not learning | March 21, 2008 5:20 PM | Report abuse

POBOX? Extort Money? LOL

If a company is hiring someone to run their systems that isn't tech savy it's called being cheap. You get what you pay for.

If you put someone else's domain name as a reply to without checking to see if it's valid you're stupid. It would take all of 5 minutes to make a donotreply@ourdomain.com and just delete them as they arrived.

According to the article this guy owns the domain. That means any email sent to the domain is his. If people can't take a few seconds and actually read email before sending it's their own fault.

Posted by: Hans Stuk | March 21, 2008 5:24 PM | Report abuse

As the owner of hell.org, I get a heck of a lot of this sort of thing as well. It's amusing. Generally what happens is someone will sign up for a service (frequent flyer programs are the most common), and use a hell.org address as their address. Then I get the confirmation email, that contains all sorts of information that probably oughtn't be in the hands of strangers.

It's kind of scary how often I'll get stuff that contains credit card numbers or other very private information.

Posted by: Mike | March 21, 2008 5:29 PM | Report abuse

I once, umm, 'knew' the owner of 'router.com'. You'd be surprised how many people type 'telnet router' and have their domain search order set to try '.com' before their local domain. We, I mean 'he', had a script that resolved the domain of the person connecting, and connected him to 'telnet.hisdomain.com' or whatever and logged the first 8Kb.

You would be amazed how many router passwords we, I mean 'he', got.

Posted by: David Schwartz | March 21, 2008 5:40 PM | Report abuse

@ Dustin

You seem to have missed the point. The owner of donotreply.com should be operating with a code of ethics. Reading and posting messages understood to not be his and extortion are not justified by saying the victim is stupid or careless.

Posted by: Anonymous | March 21, 2008 5:41 PM | Report abuse

I mean we proxied a connection to 'router.hisdomain.com'. So if he was connecting from 'someadminmachine.myimportantdomain.com', we'd proxy a connection to 'router.myimportantdomain.com'. He would see his normal router login banner, enter his password, and we, I mean 'he', would log it.

Posted by: David Schwartz | March 21, 2008 5:41 PM | Report abuse

Think of it as a tax on stupidity. It's very sad how many people blithely click on anything they see in their inbox, thinking it's harmless....

Posted by: S. Y. Walters | March 21, 2008 5:45 PM | Report abuse

Those of you who are yelling at him for having a "catch all" confuse me -- it's his domain; it's his prerogative. I'd be amused, too; no doubt he has a spam filter to get rid of 99% of the tripe, and spends an hour or two each week being amused.

So what, exactly, is the big deal?

(And, as a lesson, folks -- this is why you put a black hole e-mail address for your reply-to in e-mails you truly don't care about. A black hole address that goes to YOUR domain.)

Posted by: Ken | March 21, 2008 5:47 PM | Report abuse

Whoa, that guy uses the same WordPress theme that I use on my blog. Sweet.

Posted by: Soybean | March 21, 2008 5:51 PM | Report abuse

"According to the article this guy owns the domain. That means any email sent to the domain is his."

Sorry, but that's just not true. Owning a document, physical or electronic, does not mean you own the copyright. That's the angle companies could use to go after Faliszek, and frankly I'm surprised that hasn't already happened. What they are doing is moronic, but the law applies to the stupid, too.

Posted by: Bradley Dilger | March 21, 2008 5:59 PM | Report abuse

Some time ago I was getting personal, business and financial e-mail replies from some fool who had incorrectly entered my e-mail address in the reply to field of his e-mail client. I e-mailed him at the original sender's from address. This short bus rider got irate and demanded that I give him the address and password that I had been using for years. He claimed he had a right to my address now because this was affecting his business. I had no right to receive his e-mails at my address. I pointed out that it was his mistake and he needed to correct it in his software by entering the correct address and learning to type would help. His response was to threaten me with legal action because this was affecting his business. He had some home brew legalish boiler plate in his e-mail that he tried to claim by receiving it I was bound and required to comply with. I replied with my own boiler plate claiming that by receiving my e-mail he was legally bound to do unnatural things to his person with power tools and if his lawyer could get my lawyer to stop laughing he was welcome to proceed with legal action. I never heard back and the replies stopped a few days later.

Posted by: inchitown | March 21, 2008 6:01 PM | Report abuse

This is great, hilarious, and fair. If anyone sues him, I think he would have quite the countersuit since these companies are encouraging morons to spam his domain. He should charge them a service fee for acting as their company waste bin.

Posted by: frankenbiscuit | March 21, 2008 6:10 PM | Report abuse

To: goodb0fh

No, he doesn't have to have a catch all, true. I consider it a service to the public that he is exposing the extreme incompetence of the companies in question. This should serve as a warning to the companies and consumers that someone needs to clean up their act. Be *thankful* that he isn't malicious and using the data he gets for nefarious purposes.

Do you think it's somehow a better idea that these companies should set up a situation that makes it trivial for people with ill intentions to gain access to private data?

Posted by: badbofh | March 21, 2008 6:10 PM | Report abuse

I have an email address that receives mail addressed to me. Should I instead claim to own an address at donotreply.com? It is completely immoral to violate another domain's privacy or force them to receive a lot of spam on the grounds that I am not tech savy [sic]. Forging an email address does not imply ownership of the contents.

Posted by: Bug | March 21, 2008 6:14 PM | Report abuse

I think he's missing the boat here. I'd consider selling all the email addresses that arrive to spammers. :)

Posted by: stubie | March 21, 2008 6:15 PM | Report abuse

Best line of the day:

>Stupidity is a renewable resource.

That is sig-worthy.

Posted by: Joel | March 21, 2008 6:22 PM | Report abuse

1. Anyone insane enough to forge someone else's domain on outbound mail deserves every bit of pain that they're begging for.

2. Research "outscatter", aka "backscatter" and note relationship to this problem.

3. It's a very bad idea to attempt to send mail which cannot be replied to. The attempt is almost certain to frustrate attempts by mail systems to return error conditions -- as we see here. There are any number of ways (some of which are documented in RFCs) to label list traffic so that it's recognizable as such, so that automated mechanisms have a fighting chance of working properly, and so that any humans caught up in this can contact the humans in charge of the mailing list. This isn't new: it's been well-understood for decades.

So in summary: the fixes are (a) use your own domain(s) (b) always reject, never bounce (c) learn proper list management techniques and (d) use software that implements (c) instead of junk that doesn't.

Posted by: Rich Kulawiec | March 21, 2008 6:23 PM | Report abuse
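
An added example (not part of the original article or comment thread) of fix (a) in the comment above: a pre-send check that parses an outbound message and flags every reply-path header whose domain is not on a list of domains the sender controls. The domain `bank.example`, the sample messages and the function names are constructed for illustration.

```python
"""Pre-send audit: flag reply-path addresses on domains the sender does not control."""
from email import message_from_string
from email.utils import getaddresses

# Assumption: the domains this organization actually controls (constructed value).
OWNED_DOMAINS = frozenset({"bank.example"})

# Headers that replies, auto-responders and bounces may be delivered to.
REPLY_PATH_HEADERS = ("From", "Sender", "Reply-To", "Return-Path")

# Constructed sample: an automated notice that borrows a third party's domain.
SAMPLE_LEAKY = """\
Return-Path: <bounces@bank.example>
From: "Example Bank Alerts" <alerts@donotreply.com>
Reply-To: no-reply@donotreply.com
To: customer@mail.example
Subject: Your scheduled payment

Please do not reply to this message.
"""

# Constructed sample: the same notice with every reply path on an owned domain.
SAMPLE_CLEAN = """\
Return-Path: <>
From: Example Bank Alerts <donotreply@bank.example>
Reply-To: donotreply@mail.bank.example
To: customer@mail.example
Subject: Your scheduled payment

Please do not reply to this message.
"""


def is_owned(domain, owned=OWNED_DOMAINS):
    """True if domain is an owned domain or a subdomain of one."""
    domain = domain.lower().rstrip(".")
    return any(domain == d or domain.endswith("." + d) for d in owned)


def audit_message(raw, owned=OWNED_DOMAINS):
    """Return (header, address) pairs whose domain the sender does not control."""
    msg = message_from_string(raw)
    findings = []
    for header in REPLY_PATH_HEADERS:
        values = [str(v) for v in msg.get_all(header, [])]
        for _name, addr in getaddresses(values):
            if not addr:
                # Null sender ("<>") receives no replies or bounces; nothing to check.
                continue
            _local, at, domain = addr.rpartition("@")
            if not at or not is_owned(domain, owned):
                findings.append((header, addr))
    return findings


if __name__ == "__main__":
    for label, raw in (("leaky", SAMPLE_LEAKY), ("clean", SAMPLE_CLEAN)):
        problems = audit_message(raw)
        print(label, "->", problems if problems else "all reply paths on owned domains")
```

Run against templates or a sample of queued outbound mail, a non-empty result means replies and bounces for that message would be delivered to whoever operates the flagged domain.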

"Owning a document, physical or electronic, does not mean you own the copyright. That's the angle companies could use to go after Faliszek, and frankly I'm surprised that hasn't already happened. What they are doing is moronic, but the law applies to the stupid, too."

This is true, he does not own the copyright. However, he DOES have every right to see the message. It was sent to him. It doesn't matter if it was intended or not-he still received it.

Posted by: Anonymous | March 21, 2008 6:23 PM | Report abuse

wow. I guess those banks & the govt are lucky that this guy is honest.

Posted by: tallwookie | March 21, 2008 6:23 PM | Report abuse

This is brilliant social experiment!!!

Imagine you live along a freeway. You have a nice back yard. And passing motorists just flick their garbage out the window and they land on the back yard. Some of the garbage, however, contains crumpled up $20 notes, etc.

Now, if you are the owner of that back yard, would you be saying that keeping that $20 bucks is immoral? I think not.

This is basically same thing. He owns that property and the people passing by on the info highway are dumping their garbage out. And some of people are incompetent enough to throw out their valuable, and then later states he's being unethical!

Why not watch where you are throwing away the garbage rather than telling the owner that he's doing something wrong? He won't have your valuable if *you* don't throw away in the first place.

If the owner truly is going for "extortion", I think he can raise more money than $5,000. Just being an "expert" witness to class action law suit for financial institution will net him fee larger than that.

Is this what this country has come to? Blaming someone else for mistake of oneself?

Posted by: Josh | March 21, 2008 6:26 PM | Report abuse

--------------

You seem to have missed the point. The owner of donotreply.com should be operating with a code of ethics. Reading and posting messages understood to not be his and extortion are not justified by saying the victim is stupid or careless.

-------------
It would take five seconds for those companies to set up their own catchall to use instead of hijacking another person's domain, or blackhole them instead.

Email is not snail mail. 9 times out of 10 you do not know what it is until you open it.

I have a catchall on my business domains that I go through occasionally to make sure nothing got sent to a misspelled address that I might need.

Banks and large corporations have enough money to operate, I am one woman show. If I can do it, I'm sure they can implement a simple fix so they are not causing another person's domain name to get spam. They're just too cheap to hire real tech people, or too lazy to make sure the job is getting done right.

Posted by: Christen | March 21, 2008 6:33 PM | Report abuse

There are two internet standard domains for things like this - example.com, and invalid. So addresses like donotreply@really.donotreply.invalid or donotreply@example.com are just fine.
Example.com used to point nowhere, but the ICANN folks decided to set up a server there for some reason. I hope they enjoy the email they receive too, but unlike the people at donotreply.com, they officially don't have any sense of humor.

Posted by: dontreplyhereeither@example.com | March 21, 2008 6:34 PM | Report abuse

Hey! It's that guy from Old Man Murray! It figures....

Posted by: kentdog | March 21, 2008 6:36 PM | Report abuse

This is an interesting and amusing subject. What is dismaying to me is the blatant illiteracy of the self-proclaimed tech "savy" people.

Posted by: Don B | March 21, 2008 6:40 PM | Report abuse

An awful lot of people aren't getting the point here: this guy is providing a genuine service. If he didn't own donotreply.com, some gang in Russia would snap it up and actually start using what they got, rather than sending warning messages to the corporations.

He's not actually using the 'illegal' stuff he reads nefariously. Hopefully, at least some of the companies thank him, rather than threaten him with lawyers.

Posted by: pete | March 21, 2008 6:47 PM | Report abuse

goodb0fh: *sigh* I am constantly surprised by how loudly people who do not know what good grammar is, writes. I mean, "write".

Posted by: not_goodb0fh | March 21, 2008 6:54 PM | Report abuse

goodb0fh-

You are my sole mate!

Posted by: Don B | March 21, 2008 7:03 PM | Report abuse

I have this exact issue with a domain I own, Not.net.

For whatever reason, people like to insert NOT in to their domain name when posting publicly and signing up at porn sites. While I do appreciate the many porn passwords, I'm not sure what I am supposed to do with the 70+ friendster accounts I have been mailed the passwords for in the last week.

I used to track down usenet posters who used the domain as their spam stopper, it's just too much work now. There is one active email account on this domain, that receives a few emails a day. My catchall account receives 3000+ a day.


I'm not sure who nobody @ my domain is, but he is very popular. I'd like to send him a bill.

Posted by: Fatal | March 21, 2008 7:04 PM | Report abuse

As far as the ethics go: if you configure your mail server to send me traffic, it is mine. If you configure your DNS to redirect HTTP requests to me: they are mine. And so on. I may do anything I wish with them: keep them, throw them away, publish them for public ridicule, etc.

The point being that you cannot simultaneously force something on me and claim that it still belongs to you.

Oh, and in re the suggestion that one should use example.com: no. Example.com is intended for use in documents as an example, not for actual operational deployment. Moreover, because many people know that, and know that no mail traffic should EVER come from example.com, they're increasingly configuring their inbound mail servers to reject anything with an envelope-sender, From header, Reply-To, etc. that mentions it, since it's an obvious forgery.

If one cannot deal with responses to email (computer- and human-generated) properly, then one shouldn't send that email. Far too often, one-way operations create serious problems for others, but because they (so to speak) have their fingers firmly stuck in their ears, it's impossible to report those problems and have them addressed at the source. The usual response to this is to simply blacklist the offender and write them off as hopelessly clueless.

Posted by: Rich Kulawiec | March 21, 2008 7:06 PM | Report abuse

"Sorry, but that's just not true. Owning a document, physical or electronic, does not mean you own the copyright. That's the angle companies could use to go after Faliszek, and frankly I'm surprised that hasn't already happened. What they are doing is moronic, but the law applies to the stupid, too"

idiot they cannot sue him for receiving them and publicising it!

{several rulings have already established this}

they can and should sue ,
A) the people they paid to setup their systems who chose to set their systems to forge his domain in the reply address
{with the result of him receiving these mails}

B) their customers who chose to forward their details and copyrighted material to him.
{which possibly wouldn't win them repeat custom}

but most importantly threatening him the owner isn't smart since he is only responding to their crime of identity theft by forging his domain in their mail and their violation of the US can spam act by sending mail with forged reply to and from address

Posted by: Alan Doherty | March 21, 2008 7:06 PM | Report abuse

Hey Joel, and anyone else,

If you think that "Stupidity is a renewable resource" is Sigworthy, feel free to use it. No attributions are necessary.

Posted by: Phil Smith | March 21, 2008 7:17 PM | Report abuse

This is all very funny. Thanks for the Friday amusement.

But, the REAL point here, IMO, is why are all these companies refusing to take reply mail for customer support (a big source, I imagine, for the donotreply scrap pile)? Way to be customer friendly!

The use of the "tech ignorance" excuse is also bogus, IMO. They are savvy enough to know that, by making it hard for people who are ignorant (or very tech-naive) they are likely to have to deal with fewer issues. That is tech savvy enough to be held accountable for their actions, IMO.

As for the "extortion" claim...sure, it's probably a little shady. But, c'mon, the guy has raised only about $5,000 for animal shelters. It's not as if he is asking for any serious amount of $$, or keeping it for himself. My guess is he probably takes it down for a $20 donation. Wrong? Maybe...but, far from a big deal, given who he is dealing with.

Posted by: Brian | March 21, 2008 7:21 PM | Report abuse

The Internet in the hands of mankind is like a taser in the hands of a child. Lord help us, we're just not that bright. Too hilarious...thanks for the laugh.

Posted by: Doug | March 21, 2008 7:40 PM | Report abuse

I'm just amazed that people are still using email to send sensitive data. Why not write it on a postcard and be done with it?

Posted by: Granted Yo | March 21, 2008 7:48 PM | Report abuse

It seems to me the "Code of Ethics" gentleman has misworded his complaint.

Sir, it is obvious to me that he has a code of ethics. Your complaint is that his code of ethics doesn't match yours.

As it happens, his code of ethics has judged that a minor amount of pain which results in a learning experience and in turn stops the foolish behavior that caused it is preferable. Frankly, I'm comfortable with that.

Posted by: Jonnan | March 21, 2008 7:49 PM | Report abuse

When one reads the blog, they see how nice this guy is really being. He self-censors plenty of information.

Personally, I think the ethics question cuts the other way, I'm prone to believe that it is unethical for him to remove the information regardless of payment to a charity. If you were a customer of one of these affected institutions, wouldn't you like to know? Paying off a journalist is certainly unethical.

At the same time, this whole thing is educational. If some company is willing to contact him and go through the corporate bureaucracy to cut a check to charity, hopefully their IT dept received a very strongly worded memo to cut this out in the future.

It reminds me of the password wall of shames that are at hacker conventions, if you send your password unencrypted, it WILL show up there. Better than covering your eyes and pretending nobody is looking...

Posted by: Nick H | March 21, 2008 7:55 PM | Report abuse

Chet is one of the writers of the computer game Portal.

Posted by: Ross | March 21, 2008 7:56 PM | Report abuse

I don't see anything wrong with him demanding a donation. If the companies were more generous, they would have donated the money, anyway.

Posted by: Duncan C | March 21, 2008 8:26 PM | Report abuse

"But, the REAL point here, IMO, is why are all these companies refusing to take reply mail for customer support."

Very, very true. Bug reports, no matter how tactlessly expressed, are how you find out that you have a problem with your product. Email's a pretty cheap way to receive bug reports, and vastly less irritating than some of the robotic voicemail systems I have dealt with.

Posted by: dr2chase | March 21, 2008 10:02 PM | Report abuse

All the people who are upset at this guy for posting about the email he gets have this all wrong. Yeah he could just try and delete all this junk and forget about it but he has been trying to wake up those who have been too stupid to set up their own catchall email address to the problem. This is a big security problem on the part of the companies who use his domain to dump unwanted replies not to mention an abuse of his mail server. We should be glad he is trying to educate about this. He could just as easily be quiet about it and sell what he gets to the Russian mafia

Posted by: Incognito | March 21, 2008 10:12 PM | Report abuse

I feel his pain, since I own a domain that eastern European spammers like to forge in their spam that sometimes gets 400,000 bounces and replies per day. (Yes, that's the right number of zeros.)

If people are making legal threats, he might want to point out that under the mostly toothless CAN SPAM act, one of the few specifically illegal acts is to put fake return address info in "commercial" email, i.e., any mail that contains ads. Clearly a lot of the mail to which he's getting misdirected replies was commercial.
Heh heh.

Posted by: John L | March 21, 2008 10:14 PM | Report abuse

...I've been using who@cares.net. I guess I should switch to dummy@donotreply.com

Posted by: Silly me... | March 21, 2008 10:18 PM | Report abuse

"I have a PO Box that receives mail addressed to others. Should I read the mail?"
Considering the fact that opening postal mail that is not addressed to you is mail fraud, (a federal crime) I would say no.

Posted by: MCA | March 21, 2008 10:30 PM | Report abuse

Opening mail that is not addressed to you is only illegal if you steal it. News flash: if they deliver it to YOUR box - it is YOURS!

Posted by: WillDuh | March 21, 2008 11:03 PM | Report abuse

Bravo. Great idea getting them to donate to an animal charity! Absolutely perfect, especially considering the size and remoteness of the companies involved. Brings 'em back to earth a bit.

Posted by: kelsi | March 21, 2008 11:35 PM | Report abuse

It shows integrity that Mr. Faliszek actually got the media attention he needed to get through to people who are using donotreply.com as a sender or reply-to email in their mail messages. First class idiocy on their parts.

Mr. Faliszek is a cool dude. He's a hero.

Of course, the first time someone gets hurt or loses their job because of something Mr. Faliszek posts online is when Mr. Faliszek stops seeming like a hero and starts seeming like a foolish kid who loves animals.

I love animals, too, so that's cool, but companies are made up of people, and people also get hurt. Hopefully not by Mr. Faliszek, though.

-njs

Posted by: Thanks for being public about usinjs | March 22, 2008 12:09 AM | Report abuse

Oh these stupid people. They should never use a reply domain they have no business with. It might not be illegal but it's tantamount to illegal anyway. What they SHOULD do is set a reply address within their own domain. That they don't is just irresponsible - and STUPID. How is the Internet ever going to work with people like this crashing the show?

Posted by: Rick | March 22, 2008 12:19 AM | Report abuse

Those of you familiar with OldManMurray.com and Valve's Portal might recognize the name of Mr. Faliszek. He's a personal hero for a long time now.

Cheers to you, Mr. Faliszek.

Posted by: AGradStudent | March 22, 2008 1:20 AM | Report abuse


First, the amount of money collected in total pales in comparison to the amount of money that these clueless companies are saving by not having to have someone on staff answering the email. This is their goal. Having a customer service department is, in many cases, the cheapest way of deflecting people from actually getting to talk to people who are better paid than the CSR.

Second, the cluelessness extends to the junior admins who should be sent back to the customer service department, as clearly they have been promoted beyond their ability to function.

Third, stupidity is a renewable resource: priceless, and oh, so true.

Stupidity absolutely should be painful, if not lethal.

As far as the clueless ones protesting ethics out their flapping jowls, I suspect that they are the ones who instituted the policy at their respective organisations.

Posted by: plumsauce | March 22, 2008 1:44 AM | Report abuse

"Of course, the first time someone gets hurt or loses their job because of something Mr. Faliszek posts online is when Mr. Faliszek stops seeming like a hero and starts seeming like a foolish kid who loves animals."

You seem to be very confused about who is to blame for the problem in the first place. If this someone "gets hurt or loses their job" it is because of their own incompetence. If your actions caused sensitive company information to be sent to some random guy on the internet, it is not that guy's fault you lost your job.

Posted by: cheese | March 22, 2008 2:37 AM | Report abuse

The concerning thing is that it may not be just the management at some firms that do not understand the technical ramifications of what is happening but the so-called technical staff!

Posted by: Steve | March 22, 2008 2:55 AM | Report abuse

I am amazed he actually admitted to extortion, what an idiot ......

Posted by: John Doe | March 22, 2008 3:50 AM | Report abuse

Far easier to use a non-existent TLD. noreply@donotreply.monkey.

Posted by: JimC | March 22, 2008 4:35 AM | Report abuse

Not the same, but similar. There was a guy in the UK who owned "mildenhall.com" for his village website. Mildenhall is a US air base in the UK. He was getting all sorts of stuff in mis-addressed emails, including (according to the BBC; google for "mildenhall email air base") stuff like presidential flight plans.

Posted by: Mike | March 22, 2008 4:56 AM | Report abuse

How is it extortion? Surely under US postal laws the addressee of any piece of communication - whether he is the addressee by intention or accident - is legally entitled to do whatever the hell they feel like with something that has been sent to them.
Besides surely these companies are committing fraud through ignorance by using his address as their own.
The rest of you need to lighten up - he's the one being inconvenienced by lazy corporate IT policies.

Posted by: PyD | March 22, 2008 5:22 AM | Report abuse

@john doe "I am amazed he actually admitted to extortion, what an idiot ......"

Sounds like an admin fee to me - like banks and lawyers charge for the smallest service.

Posted by: jonk | March 22, 2008 5:45 AM | Report abuse

No, JimC, it's not "Far easier to use a non-existent TLD. noreply@donotreply.monkey", because any sane mail system will check the TLD (as well as the domain and/or subdomain) for existence before accepting inbound traffic claiming to be from it.

Using a non-existent TLD is an excellent way to stamp "this piece of email is a forgery sent by clueless morons" all over it and to beg other email systems to reject it outright.

Posted by: Rich Kulawiec | March 22, 2008 6:24 AM | Report abuse

If donotreply.com's owner added an SPF record to the DNS information forbidding any 3rd party servers to send messages on behalf of ("From:") donotreply.com, i.e., some variation of:

TXT "v=spf1 include:donotreply.com -all"

Those 3rd party companies would be greatly surprised and wondering why their e-mails suddenly began not reaching their addressees at all, being dropped by receiving servers all over the 'Net as spam.

Much funnier in my opinion. :)

Posted by: Alexander Gieg | March 22, 2008 10:10 AM | Report abuse
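
How a receiving server applying SPF (RFC 7208) would treat a strict policy of the kind suggested in the comment above, as an added example that is not part of the original thread. SPF is evaluated against the envelope sender domain and the connecting IP; the zone contents, domain names and addresses below are constructed, and only the ip4, ip6, include and all mechanisms are implemented. The third sample record includes its own domain, which exhausts the lookup limit and yields permerror instead of fail.

```python
import ipaddress

# Constructed zone data: domain -> SPF TXT record. Addresses come from the
# documentation ranges (RFC 5737); none of this is any real domain's DNS.
ZONE = {
    "strict.example": "v=spf1 ip4:192.0.2.10 -all",
    "nomail.example": "v=spf1 -all",
    "selfinclude.example": "v=spf1 include:selfinclude.example -all",
    "partner.example": "v=spf1 include:strict.example ~all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MAX_LOOKUPS = 10  # RFC 7208 section 4.6.4: limit on DNS-querying terms


class PermError(Exception):
    """The published policy cannot be evaluated."""


def check_host(ip, domain, zone=ZONE):
    """Return the SPF result for a connection from `ip` claiming `domain`
    as its envelope sender domain."""
    try:
        return _evaluate(ipaddress.ip_address(ip), domain, zone, [MAX_LOOKUPS])
    except PermError:
        return "permerror"


def _evaluate(addr, domain, zone, budget):
    record = zone.get(domain.lower())
    terms = record.split() if record else []
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # the domain publishes no SPF policy

    # Mechanisms are tried left to right; the first match decides the result.
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()

        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            try:
                network = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                raise PermError(f"bad network in {term!r}")
            matched = addr.version == network.version and addr in network
        elif name == "include":
            budget[0] -= 1
            if budget[0] < 0:
                raise PermError("DNS lookup limit exceeded")
            inner = _evaluate(addr, arg, zone, budget)
            if inner == "none":
                raise PermError(f"include target {arg!r} has no SPF record")
            # An include matches only when the included policy passes.
            matched = inner == "pass"
        else:
            # a, mx, exists, ptr and modifiers need live DNS; this sketch
            # reports them as permerror instead of guessing.
            raise PermError(f"unsupported term {term!r}")

        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched and there was no "all"


if __name__ == "__main__":
    for ip, domain in [
        ("192.0.2.10", "strict.example"),         # the domain's own server
        ("198.51.100.7", "strict.example"),       # a third-party server
        ("198.51.100.7", "nomail.example"),       # domain that sends no mail
        ("198.51.100.7", "selfinclude.example"),  # record includes itself
        ("198.51.100.7", "partner.example"),      # include, then softfail
    ]:
        print(f"{ip:>13} as {domain:<20} -> {check_host(ip, domain)}")
```

What a receiver does with a fail or permerror result is its own local policy; SPF itself only reports the result.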

Alexander, what, you would do that to these poor animals in their underpaid shelters? How can he raise funds without doing this? </sarcasm> That would truly be priceless :)

Posted by: Michel | March 22, 2008 10:31 AM | Report abuse

For those of you who don't think he fully understands the legal ramifications, read the notice at the bottom of www.donotreply.com:

Use of the domain donotreply.com is billed at $100 per day or $1 per email minimum - post billed. This domain is not for sale, nor to be used in unauthorized mailings, addresses, or automated systems. Any use of the domain that results in damage to the server may incur additional billing. Please contact chet at poe-news.com for other pricing and the billing mailing address. Unauthorized use of this domain gives me full rights to post any emails involved using the unauthorized address. Don't like it? Don't use it.

Posted by: Stan | March 22, 2008 10:53 AM | Report abuse

This reminds me a lot of the problem that hot-linking pictures causes.

I have a small website, which occasionally gets bogged down with traffic from people hotlinking my pictures (embedding my pictures into their pages).

Frequently I will contact the person who is hotlinking, and ask them to stop. Sadly, the usual response is that they tell me they can do whatever they want.

The obvious solution (and the one I take) is to replace the picture (ON MY SERVER) with something as offensive as possible.

I've had plenty of threats of lawsuits. "You've ruined my reputation" is the most common complaint.

My answer is the same each time: "stop hotlinking."

These companies are lucky that the guy in the story is so nice. I wouldn't be.

Posted by: Karl | March 22, 2008 11:19 AM | Report abuse

Let us do a thought experiment. First, let us choose an ordinary mail system as our delivery method. The United States Postal System will do nicely. Next, let us create a sensitive document to send into that delivery system. A Bank statement from your personal bank account will do. Now, let us place that document into an envelope and address the envelope to someone you trust. That person's address is abbreviated (as happens all the time). However, the return address of the envelope is made out to someone who you believe does not exist (say John Doe). You pay the postage and mail the envelope. Due to the abbreviated address, the USPS mis-delivers your envelope. The receiving party does the ethical choice and does a "return to sender". Now your envelope is redirected to John Doe. After all, you did set the return address to John Doe. When John Doe receives your envelope, he opens the envelope.

Question, is John Doe unethical for opening an envelope addressed to him? Or Do you deserve to have "I'M STUPID" tattooed to your forehead?

Ponder the situation. How is delivering the mail by Internet any different ethically?

Because you did not properly address your envelope, you unintentionally leaked sensitive information. You only have yourself to blame. What John Doe does with your sensitive information will depend on his sense of ethics. All companies and individuals who do not correctly address email need to visit the local tattoo parlor.

Posted by: Albert | March 22, 2008 11:26 AM | Report abuse

I get a laugh out of the disclaimers in some of the messages that arrive in my in-box.

"If you are not the recipient of this message you should delete it immediately..."

But I obviously am the intended recipient because you sent it directly to me.

Posted by: John | March 22, 2008 11:33 AM | Report abuse

JimC, it may seem like it's okay to use a TLD like .monkey, but it's possible (unlikely, but possible) that TLD could become valid in the future. Instead, if you truly want to use an address that is guaranteed to not work, use .invalid.

http://en.wikipedia.org/wiki/.invalid

Posted by: Steve | March 22, 2008 11:49 AM | Report abuse

Chet Faliszek has many "interesting" views on the law. His other website www.poetv.com contains multiple violations of copyright. For example "Dog scene from Invasion of the Body Snatchers" from the copyrighted movie Invasion of the Body Snatchers is currently on the front page of Poe TV. Copyright violation is rampant throughout Poe TV.
Mr. Faliszek, however, works for a company, Valve Software, that relies upon strict enforcement of intellectual property laws. That he is confused about who owns the rights to the emails he posts from donotreply.com is not surprising.

Posted by: Ken P. | March 22, 2008 12:02 PM | Report abuse

I'm sure glad this guy is honest! Now I'm wondering what happens to all the other e-mail floating around the Net that doesn't fall into such honest hands...

Posted by: Joe | March 22, 2008 12:24 PM | Report abuse

Just because it hasn't been mentioned yet (I did stop reading about half way through, though, so forgive me if it is here somewhere):

To those who claim he is "stealing" mail, or he is not entitled to read it, and by way of example suggest that mail not addressed to you is not yours or even should not be read, I will try to make this clear in language they can understand (not tech language, nor stuff techs know and assume everyone else must know too):

It IS addressed to him. People are stupidly making up his address as the return address.

He tried, many times, to warn people, politely, that this is a stupid idea and to please use your own address as the return address, because he is getting sensitive documents he really doesn't want to be getting.

For some, like spammers, they don't care. Neither, really, does he.

For others, like banks, military contractors, law enforcement, spies, and corporations engaged in hopefully confidential business, he really, really tried to get them to stop it, and since they don't understand the reason why, he's explaining why so they don't just start sending it to some other address (who might be evil, a foreign government, etc).

They responded by threatening to sue him, because they really don't understand the reason why. He gave up.

He now uses a slightly bigger stick, namely public humiliation, to get them to do the right thing. The stuff he publishes is "safe" in that it's not really sensitive, just embarrassing to customers, the bank itself, contractors, etc. That's why he has to read it; he doesn't want to use something REALLY sensitive to embarrass them.

Not surprisingly, this works for some of them. They stop directing their customers, staff and associates to send mail addressed to him, and they learn the reason why, so that they don't send sensitive information to anyone any more. They win.

He gets them to agree to donate a token amount to charity, as a little slap on the wrist. They get the receipt, the good citizen feedback, and the tax deduction. They win again.

He keeps the domain, which costs him money, because if he gave it up, the Chinese Spy Agency, or Evil Spammer, or the Taliban could buy it and use this stuff. He pays for the bandwidth to get this misdirected mail. Now he pays for the website to help these organizations straighten out their eMail practices, which are insecure and should be fixed immediately.

He pays money out of his pocket every year to keep the world safe for democracy, even though most of the time the people he's keeping safe keep threatening him with lawsuits.

I think the Good Lord, if you believe, would approve, because if you do believe you also know He does know everything and He does see the Big Picture, and this man Is Doing Good Things.

Finally, if someone sends stuff to your house by the US Postal Service, and that mail is addressed to you and unsolicited, by law you can keep it and never pay for it, whatever it is. This is exactly the same thing, with eMail.

Forging the return address to a domain that is not yours, which is also what is happening here, IS illegal. The people who threaten to sue him are in fact the ones breaking the law.


Posted by: Johnny2Bad | March 22, 2008 12:58 PM | Report abuse

Just use "example.com" -- as in DoNotReply@example.com.

The domain example.com was wisely reserved by the IETF and is not routed.

Posted by: Ed Hershey, San Diego, CA | March 22, 2008 1:07 PM | Report abuse

For years, I used to use bob@bob.com as an email address when filling out forms, in those cases when I didn't want any further contact with the perpetrator of the form.

Remember Microsoft Bob?

:-)

Posted by: Jeff S. | March 22, 2008 1:34 PM | Report abuse

I used to own house.com. Early on I got all sorts of interesting email from folks who didn't know the difference between .com and .gov. That stopped.

Then a VERY major company sold a product with instructions on how to set it up on a network... using "house" as the name... without mentioning the difference between in-house networks and the internet. So the NIC was getting thousands of "I'm the new House.com" requests and passing them on to me with an "Is this true?" request. At 10-20,000 requests/hr my system went down.

So we called and said "Please fix". They said "In our next release". A contact got me the name of the head lawyer. We said "Fix in 24 hr or Slashdot time". It got fixed... even on systems where the "no automatic updates" was set. Backdoor city.

Posted by: Dave | March 22, 2008 1:44 PM | Report abuse

When setting up fake addresses, just remember, I read all mail to the .monkey TLD...

Actually, there were attempts to bring a .monkey or .monkeys (I forget which) TLD online a while back. Just because a TLD doesn't exist for you doesn't necessarily mean that it doesn't exist for me. So far, none of the non-ICANN TLDs have reached critical mass, but that doesn't mean that they won't - or that your domain won't be using a private TLD in addition to the public ones.

As far as prosecutability goes - well, it could be argued that by accepting bribes to conceal breaches of confidentiality, he becomes a willing accessory to criminal negligence... but I expect that any state or federal prosecutor going after him on those grounds is likely to find that a large campaign contribution to their boss is shortly followed by a directive that they investigate another case. And he has no contractual or legal duty of confidentiality to the companies he's embarrassing.

While some forms of private case could conceivably be brought against him, they'd be on shaky enough grounds that a lawsuit would be unlikely to prevail - and would likely draw more attention, which is exactly what the idiots sending sensitive mail from forged addresses don't want.

Posted by: Deekoo L. | March 22, 2008 2:00 PM | Report abuse

Oh, and don't use example.com as a bounce address. Donotreply.com's admin posts things and mocks them; you have no way of knowing if someone working for ICANN will enable mail to example.com after seeing how much juicy information donotreply.com gets. Possibly for much more nefarious purposes. (And lest you think that that's impossible, be reminded that one of ICANN's members must have spent an awful lot on bandwidth when they rerouted all accesses to invalid domains under their tlds to themselves... and while the port 80 accesses were used for advertising, nobody ever explained, as far as I know, why they were waiting until after they collected envelope data before rejecting attempts to send mail to their wildcard.)

Posted by: Deekoo L. | March 22, 2008 2:21 PM | Report abuse

Anyone in particular care to say how he's supposed to determine whether the email is truly addressed to him or not without reading it?

These emails wouldn't look like spam messages AND this is his actual domain name. A domain name he does actually use!

Posted by: Anonymous | March 22, 2008 2:47 PM | Report abuse

If the email is in your inbox you can read it, why not? But if in the footer you see a privacy statement you must do what it says.

Posted by: me | March 22, 2008 4:58 PM | Report abuse

Chet Faliszek runs websites that make fun of people with different sexual interests and women who had miscarriages (www.portalofevil.com), and websites that violate copyright (www.poetv.com). That he runs a site harassing corporate security goes along with a history of Internet harassment of multiple communities. Chet Faliszek is very proud of very smugly being a poor Internet citizen. I'd suggest those who question this behavior consider boycotting his ventures or anyone putting money in his pocket.

Posted by: Julian D | March 22, 2008 6:11 PM | Report abuse

Just a minor comment to the people complaining about bad spelling and grammar. This is the internet people, it provides global interconnectivity not just national or to English speaking countries. My experience is that many of the people with terrible spelling and grammar are using English as a second language, or possibly using language translation software. Often they've never had any formal education in English. I hardly think we should fault them for participating in our discussions. That said, to the people that have atrocious spelling and grammar, yet were educated in the US, well...I weep for our future and pity your 9th grade English teachers.

Posted by: (-:@donotreply.com | March 22, 2008 6:28 PM | Report abuse

"extort companies"?

Here's the deal. People are not only stupid they are lazy and usually not prone to fix their stupid behaviour unless you punish them in some form. By requiring them to make a donation you are hurting their pocketbook which is probably the ONLY way many of these morons will fix their systems.

Posted by: Anon | March 22, 2008 6:29 PM | Report abuse

So basically, if your neighbor's mail ends up in your mailbox, it's okay to read it.

Also, if an ATM gives you free money, or a bank deposit intended for another account goes into yours, you get to keep it.

The bottom line is that not everyone should be liable for mistakes. You should still get your birthday card, even if the idiot mailman sorted it improperly.

Posted by: Jake | March 22, 2008 6:46 PM | Report abuse

To all technical people about the people talking loud in here: "Why Should I Care What Color the Bikeshed Is?"
http://www.bikeshed.com/

Or as in Dutch: The best captains are on shore.

Posted by: Barryke | March 22, 2008 6:57 PM | Report abuse

I am not going to comment about his motives. I am not going to visit his other domains. I am not even going to get into the possible ethics of reading mail that has been sent to him. What I am going to say is that **ANYTHING** that Hormel gets of mine when I use @spam.com for an email address and I don't really care to get anything from the company, is theirs to do with as they please. And *IF* I am stupid enough to use @donotreply.com then "Chet" can do with it what he pleases.

And for all of you thinking the USPS is a good argument think about this...this isn't the letter from Aunt Sally that ended up in your box that you walked over and handed to your neighbor. This is a large percentage of idiots using your physical address as a return address for when it can't be delivered and giving everyone a prepaid envelope with your address and telling them not to use it. And yes...if it has your "address" not your name just your **address** and it is delivered to you it is yours!

Posted by: Nardo | March 22, 2008 8:43 PM | Report abuse

To the Copyright Freak: You are an idiot.

A copyright not properly claimed and not properly registered is not a copyright. To the contrary, the e-mail is essentially a public domain document, no matter what you think.

Posted by: Greg Lee | March 22, 2008 9:26 PM | Report abuse

My company's domain name is similar to a venture capital firm. (I had my domain name about five years before they did.) Even the execs of this firm (via their admin assistants, I assume) would give out my domain name as *their* domain name from time to time. And guess what kind of email gets sent to a VC firm? Right. Lots and lots of forward-looking statements and detailed business plans and financials. And no matter how many emails I then forwarded to whom I hoped were the right corresponding address, it amazed me at how much secret stuff was being sent unencrypted to untested addresses. Crazy.

Posted by: Randal L. Schwartz | March 22, 2008 9:35 PM | Report abuse

John Q, you are chastising Chet for asking whether he should take a story down, yet you post the offender's name? If you notice, Chet never mentioned the guy's name or circumstances. Way to go, idiot.

Posted by: Ha Ha | March 22, 2008 11:16 PM | Report abuse

If Chet can't post e-mails sent to him because it violates copywrite laws, couldn't one argue that the companies are violating copywrite laws by using his e-mail address? Hmmm? See how stupid your argument is now?

Besides, he's not claiming that he is the owner of the materials, and will remove them if he's asked to. The "donation" is a suggestion, not a requirement. Merely asking him to remove it will get it removed.

Some people need to do a little research before flapping their gums.

The argument that he's not the intended recipient carries more weight. It may be his address, but no one could present an argument that "it's meant for him". A cursory examination of the e-mails shows quite clearly it's not intended for Chet. By accident, it was addressed to him.

I'm not saying he shouldn't read it, nor am I saying he shouldn't do whatever he wants with it. I'm not commenting either way. I'm just saying it's silly to claim it was intended for him.

Still, better Chet has donotreply.com than Al Qaeda. No matter what he encourages people with illnesses to do.

Posted by: copywrite bs | March 23, 2008 10:02 AM | Report abuse

I posted this shortly after the article was posted, but my post has since disappeared. Brian?

There is a correct way to send mail that is not intended to be replied to. See RFC 2606:

http://www.ietf.org/rfc/rfc2606.txt

Posted by: antibozo | March 23, 2008 1:33 PM | Report abuse

Ok, this is REALLY far down the list of comments, but I wanted to throw this out as a valid use for a catch-all email account on a domain.

I had a friend do this, and I've heard reports of others.

When signing up somewhere, use the email address: site@mydomain.com

For example, amazon@mydomain.com or ebay@mydomain.com or paypal@mydomain.com.

This way, it's VERY easy to identify who is giving out your information.

Also, there's other uses:
chris@mydomain.com - personal email (friends, family)
chris.doe@mydomain.com - professional email
Another example could be party@mydomain.com (I don't throw enough parties to warrant it, but I know others with more interesting lives do.)

Anyway, the folks above saying that using a catchall account on a domain was somehow wrong or whatever, I think are wrong. This is tech, and we get to use it to make our lives the way we like. Get the most of everything to simplify everything we can.

:)

PS: I *still* don't have my own domain name, nor hosted space for a mail server. It's on my wish list though...

Posted by: Chris | March 23, 2008 3:18 PM | Report abuse

54 hours and all the good comments are made, but this sounds like someone sending out notices that read, "If you'd like to contact us, call us at 1-800-NO-REPLY." Then the poor schmuck at (800)667-3759 gets all these sad sack messages on his answering machine. Now what? Post 'em like Chet Faliszek's doing, that's what. And rescue puppies.

Posted by: Mr Fnortner | March 23, 2008 3:46 PM | Report abuse

Antibozo -- Apologies. Yes, yours I think was the first on this post. Unfortunately, the blog got plastered with spam this weekend and I inadvertently deleted two or three comments -- yours included -- while mass deleting the spammy ones. Sorry.

Bk

Posted by: Bk | March 23, 2008 10:27 PM | Report abuse

It's not a copyright violation unless he is copying the emails. The only ones he is copying/ publishing are the newsworthy emails so he would fall under a journalist exception. Moreover, I think the bad press from suing him would do more damage than anything else.

They should all thank their lucky stars he is not some bot-wrangler running a credit scam or a terrorist interested in the latest Halliburton troop reports (you have to read it to believe it).

Frankly, he should charge $1 per received email and send out collection bills and enforce that with collection lawyers. If he's reading, contact me at www.rentwars.com, I'll work for a third. He certainly has a right to charge for the unauthorized use of his email system/ address. It is not extortion by him, it is "theft of service" by the idiot IT managers.

Posted by: Ronin Amano | March 23, 2008 11:13 PM | Report abuse

Years ago I read a similar story about the guy who owns the testcompany.com domain.

Posted by: Brian | March 24, 2008 9:17 AM | Report abuse

Jake, you said
"So basically, if your neighbor's mail ends up in your mailbox, it's okay to read it.

Also, if an ATM gives you free money, or a bank deposit intended for another account goes into yours, you get to keep it.

The bottom line is that not everyone should be liable for mistakes. You should still get your birthday card, even if the idiot mailman sorted it improperly."

If your neighbor's mail ends up in your mailbox, the mail carrier probably placed it there in error. However, the internet isn't erroneously placing mail in this guy's inbox. The mail is addressed to him.

Even further, let's say you receive mail with your address, but inside is a check written out to someone else. Clearly you haven't done anything wrong by opening the letter, but fraudulently cashing this check would be illegal and immoral.

Faliszek clearly isn't doing anything of the sort. He's not exploiting any sensitive information he finds, though he very well could.

This isn't a case of an idiot mailman, it's a case of companies using domain names that they do not own in order to avoid responses that they don't want to hear.

Posted by: Austin | March 24, 2008 2:53 PM | Report abuse

If you take an overview look at this, they are sending emails to @donotreply.com. It's your property, while you are not the intended person/persons for them. Personally, the amount of email you get should = $$$; they are in the literal sense spamming you. This creates a stress in your life that should not be there. So I would set up filters and start billing these companies for the amount of emails you get from them. Maybe for every 1000 emails you would charge $100; that's $0.10 an email.

It would be a decent investment I think, maybe even offer to point the emails to their customer service department as an included bonus.

In a world driven by money, why not make a few bucks while helping people? Also, if they try to sue you/business made from this under claims of extortion, you can point out the fact that it's their fault you're getting the emails in the first place, and that you are doing this as a service to help them protect their customers.

As for national security emails, not sure how to handle them; maybe send them to homeland security with a note attached: "Kick the idiot who sent me this email."

Posted by: Defectuous | March 24, 2008 8:08 PM | Report abuse

"So basically, if your neighbor's mail ends up in your mailbox, it's okay to read it."

If the mail has no name on it and it has your address on it, then yes, it's okay to read it.

Posted by: Nessie | March 25, 2008 2:00 AM | Report abuse

I had a friend who in the early 90's had "a0l.com". Man, that domain was like a fire hose of bad mail.

Posted by: Nym | March 25, 2008 5:02 AM | Report abuse

I think this guy could get into legal trouble for requiring money before removing those posts.

Posted by: Bart | March 25, 2008 8:33 AM | Report abuse

If you want to follow a postal metaphor, this is *not* like your neighbor's mail ending up in your mailbox. There's no analogy for "neighbors" in SMTP mail handling, and, unlike postal carriers, computers don't misread addresses.

Correct postal analogy: this is like a company sending out mail along with a reply envelope that is pre-printed with your name and address instead of their own. Anything you receive as a result of that would be yours, because it was actually sent to you. Of course, the unmitigated stupidity of a company that did this would be patently obvious; it should be only slightly less obvious that companies who do this in the SMTP world are equally stupid.

If companies don't want postal recipients to respond, they don't include the reply envelope. This is easy to accomplish in SMTP by simply following RFC 2606 (see link I posted above).

Posted by: antibozo | March 25, 2008 11:25 AM | Report abuse
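
A pre-send audit in the spirit of the comments above, added here as an example and not part of the original thread: it flags any address a reply or bounce could go to whose domain the sender does not control, and separates RFC 2606 reserved names from domains that someone else can own. The owned-domain set, the header list and the sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Names reserved by RFC 2606; no third party can register them.
RESERVED_TLDS = {"test", "example", "invalid", "localhost"}
RESERVED_SLDS = {"example.com", "example.net", "example.org"}

# Headers a reply or a bounce may be directed to.
REPLY_HEADERS = ("From", "Sender", "Reply-To", "Return-Path")

# Constructed: the domain this hypothetical sender actually controls.
OWNED = {"bank.example"}


def classify_domain(domain, owned=OWNED):
    """Return 'owned', 'reserved' or 'third-party' for a mail domain."""
    domain = domain.lower().rstrip(".")
    if any(domain == d or domain.endswith("." + d) for d in owned):
        return "owned"
    labels = domain.split(".")
    if labels[-1] in RESERVED_TLDS or ".".join(labels[-2:]) in RESERVED_SLDS:
        return "reserved"
    # Anything else is, or could become, somebody else's mailbox.
    return "third-party"


def audit_message(raw, owned=OWNED):
    """List (header, address, verdict) for every reply-capable address
    whose domain is not under the sender's control."""
    msg = message_from_string(raw)
    findings = []
    for header in REPLY_HEADERS:
        for _name, addr in getaddresses(msg.get_all(header, [])):
            if not addr:  # e.g. the null return path "<>"
                continue
            _local, at, domain = addr.rpartition("@")
            verdict = classify_domain(domain, owned) if at else "malformed"
            if verdict != "owned":
                findings.append((header, addr, verdict))
    return findings


# Constructed sample messages (headers only matter here).
SAMPLES = {
    "statement": (
        "From: Example Bank <statements@donotreply.com>\n"
        "Return-Path: <bounces@mail.bank.example>\n"
        "Subject: Your statement\n\nDo not reply to this message.\n"
    ),
    "newsletter": (
        "From: Example Bank <noreply@bank.example>\n"
        "Reply-To: nobody@noreply.invalid\n"
        "Subject: News\n\nHello.\n"
    ),
    "support": (
        "From: Support <support@bank.example>\n"
        "Return-Path: <>\n"
        "Subject: Ticket update\n\nHello.\n"
    ),
}


def audit_all(samples=SAMPLES, owned=OWNED):
    return {name: audit_message(raw, owned) for name, raw in samples.items()}


if __name__ == "__main__":
    for name, findings in audit_all().items():
        print(name, findings or "ok")
```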

the donotreply goes BEFORE the at symbol emirite?

Posted by: guy | March 25, 2008 12:24 PM | Report abuse

I agree with the author of "Stupidity should be painful", security begins at home... Tax the dumb and give to the less fortunate.

Posted by: Sampson | March 25, 2008 1:06 PM | Report abuse

For those of you who still think he's doing something wrong, here's the legal take [Disclaimer: I am not a lawyer]:

1) He can sue them for forging his identity, and under the CAN-SPAM act, they can be fined hundreds of thousands or even millions of dollars and be sent to prison for doing so.

2) He is generously offering to settle out of court for no more than a small donation to a local charity, and proof that they've stopped committing the crime.

3) Any mail addressed to you is yours. There are many cases, such as national security, where you are obliged to keep its contents secret, but that doesn't cover not looking at it nor not acknowledging its existence.

From a purely legal perspective, he's 100% in the right with what he's doing. He's even avoiding any possible legal hassles (lawsuits that he would win) by not accepting the cash himself. No lawyer who wasn't a scam artist would even try to bring this to court against him, and the scam artists would only be doing it for the up-front fee they'd charge the moron who wanted to sue him.

Posted by: Thought | March 25, 2008 1:06 PM | Report abuse

Kill the dogs. Donate to WWF.

Posted by: The Lord | March 26, 2008 7:13 AM | Report abuse

hey - i claim first dibs on stupidityisarenewableresource.com!

Posted by: shabbycynic | March 26, 2008 11:08 AM | Report abuse

FOR ALL THE I.D.10.T'S OUT THERE THAT KEEP REPEATING "SOMEONE ELSE'S MAIL", IF IT HAS YOUR NAME ON IT, THEN IT IS LEGALLY YOURS TO DO AS YOU WISH.

This guy registered donotreply.com as HIS domain. Meaning he owns it in all context.
Addressing %anyone% @donotreply.com is his address. That is like saying "to the DoNotReply family". He legally owns it. You or anyone else who sends mail to him is signing rights of content over to him.

Maybe this is why you people don't get paid better. You don't read or think before you speak.

Posted by: Paying Attention | March 27, 2008 11:28 AM

=====
Quote:
Posted by: Sampson
Tax the dumb and give to the less fortunate.
=====

Sampson, we already have a tax on the dumb. It's called the lottery.

Anyhow, one point that wasn't mentioned in all of these "regular mail analogies":
If you get your neighbor's mail, or if regular mail gets misrouted to your house, you don't have to pay anything extra. No extra postage (unless you choose to pay to forward the letter to the correct person). Adding "Return to Sender" doesn't cost any additional postage.

Now, with Chet, he has to pay for the extra bandwidth, storage space, etc for this "misrouted" email.

Even with the best "regular mail" analogy, it doesn't factor in the cost aspect.

Posted by: Anonymous | March 27, 2008 2:01 PM

Reading/publishing other people's mail that accidentally landed in your physical mailbox is impolite. Receiving physical mail for others with consent and reading that mail is rude and immoral. Reading/publishing mail that is sent to your email address because some jerk out there used your domain name is completely moral and, personally, I believe it is a service to society. Keep up the good fight DoNotReply.com!

Posted by: Glenn.Isaac | March 27, 2008 8:08 PM

I saw something about the owner of "bar.com" getting tons of mail like this too, though generally all pointed at the "foo" user. Yes, it does go somewhere.

Posted by: Mark | March 28, 2008 1:23 AM

At one time, I was getting weekly faxes of business reports by some company, at 0400 on Friday mornings. I learned not to keep paper in the machine, but then it would beep incessantly. Then it would redial and try to connect again. I called them several times to no avail.

Finally, I looped three pieces of paper with tape, with STOP CALLING ME on them in negative, the page colored with black felt tip. I dialed the sender at 0200 and let the spool send until I got disconnected around 0853.

They never faxed me again.

Posted by: Michael Z. Williamson | March 28, 2008 1:04 PM

Post staff, kindly remove comment spam above (posting by Roshan).

Posted by: pay attention | April 7, 2008 2:19 AM

@aeschylus/pay attention -- Kindly stop posting more "please remove spam" comments on every blog post that has a spam comment. These real spam comments are literally hammering this blog, and while I think we're doing a good job fending most of them off, a few slip through the cracks here and there, especially over the weekends. And I'm the one who has to go in and clean them up. Thanks.

Posted by: Bk | April 7, 2008 3:42 PM

Bk,

I only started doing that because they were remaining there for many days. When you started removing the "please remove" comments without removing the comment spams themselves, I assumed someone less clever than you had taken over. Sorry.

Posted by: pay attention | April 8, 2008 1:53 AM

Also, please note that the comment spam remains on most or all of the four or so articles where I made the requests (yet the requests were removed).

Posted by: pay attention | April 8, 2008 1:56 AM

Bk, one can't help but wonder whether you are getting kickbacks from Sam Milby...

Posted by: pay attention | April 9, 2008 3:32 PM

"Of course, the first time someone gets hurt or loses their job because of something Mr. Faliszek posts online is when Mr. Faliszek stops seeming like a hero and starts seeming like a foolish kid who loves animals."

Then . .

"You seem to be very confused about who is to blame for the problem in the first place. If this someone "gets hurt or loses their job" it is because of their own incompetence. If your actions caused sensitive company information to be sent to some random guy on the internet, it is not that guy's fault you lost your job."

If you ever have your identity stolen as a result of some bank or business being careless with your personal info, you'll personally want to tear the arms off of the idiot who caused it because it will come close to destroying you. Somehow getting someone fired who should have known better but did what he did to save his company the time involved in setting up a black hole deserves what he gets.

Look, if a city hires a person to be a 911 dispatcher and they turn out to be incompetent and this results in to a citizen or property damage, we all get indignant. If we hire a cop who ends up being incompetent and he is brutal, we all get indignant. But if a bank hires an IT manager who is incompetent, some IT managers come to his defense because you don't want him disciplined. Don't accept the promotion if you aren't qualified for the job. It's called fraud. Don't accept the job if you don't have the balls to tell your boss that allowing personal info to go to some unknown person is wrong. There is no question in my mind who the immoral one is here. Getting rid of these idiots makes more room at the top for the rest of us who do care.

One final thought: It should be illegal for a company to do this. I'd like to see top managers in companies that lose a million credit card numbers or compromise someone's credit data spend 30 days in jail. After five million lost credit card numbers, each stockholder of the company should be docked 5% of their stock value with the money used to prosecute real computer crime. I guarantee that sound practices and good security would be implemented in a month and the quality of employees would increase 100%. It's time for corporate responsibility!

Posted by: Stevereno | April 10, 2008 10:52 PM

from donotreply.com:

"You actually don't have to do anything but contact me and I will take it down. The donation is more of a suggestion. Anyone who has contacted me can tell you this is true, I am changing the wording to reflect that."

read before you criticize.

Posted by: Anonymous | April 12, 2008 3:32 PM

You vote Democrat party, don't you? Scummy people always do.

Posted by: kevin | April 18, 2008 8:20 AM

In the above comments there are many bad postal analogies, and a couple good ones.

Well over 99% of email is 'postcards', with physical mail anything you don't want someone else to read is put in an envelope. Be it a letter from Aunt Sally, a bank notice, junk mail or a political announcement. With a postcard there is no expectation of privacy, anyone at the address can read it, even if it is addressed to "don't read this".

If he was cracking open envelopes (like OpenPGP or S/MIME) then the DMCA would come into play if he isn't immediately recruited by the/any government.

Posted by: YaVerOt | April 22, 2008 11:58 AM

The comments to this entry are closed.


© 2010 The Washington Post Company