If your company is in the habit of using a “donotreply.com” address in the “From” field of its emails, you might want to forward your IT department this entry from the Washington Post’s “Security Fix” blog. When customers don’t pay attention and reply to a “donotreply.com” email address, the message goes to Chet Faliszek, a programmer in Seattle who registered the domain seven years ago.
With the exception of extreme cases… Faliszek says he long ago stopped trying to alert companies about the e-mails he was receiving. It’s just not worth it: Faliszek said he is constantly threatened with lawsuits from companies who for one reason or another have a difficult time grasping why he is in possession of their internal documents and e-mails.
It probably seems obvious that if the email address includes “donotreply,” you shouldn’t hit “reply.” Of course, in the real world customers don’t pay attention, or they figure it’s an empty threat and that someone will read the reply anyway. Faliszek said he’s received sensitive information from Capital One customers, reports on security vulnerabilities for a New Jersey bank that’s now part of PNC, and reports on supplies and locations for troops in Iraq from a former subsidiary of Halliburton.
When the emails are trivial, he deletes them; when they’re big topics like the ones just listed, he’ll blog about them in order to embarrass the company responsible for such a dumb and lazy policy.
“I’ve had people yell at me, saying these e-mails are marked private and that I shouldn’t read them,” Faliszek said. “They get all frantic like I’ve done something to them, particularly when you talk to the non-technical people at these companies.”
Instead, he blogs about the most interesting ones. Companies embarrassed by having their e-mails posted online can get him to pull the entries from his blog for a small payment. The normal fee to be removed from the site is proof of a donation to an animal protective league or humane society. So far, Faliszek says his blog has raised roughly $5,000 for local dog pounds.