If your company is in the habit of using a “donotreply.com” address in the “From” field of its emails, you might want to forward your IT department this entry from the Washington Post’s “Security Fix” blog—when customers don’t pay attention and reply to a “donotreply.com” email address, it goes to Chet Faliszek, a programmer in Seattle who registered the domain seven years ago.
With the exception of extreme cases… Faliszek says he long ago stopped trying to alert companies about the e-mails he was receiving. It’s just not worth it: Faliszek said he is constantly threatened with lawsuits from companies who for one reason or another have a difficult time grasping why he is in possession of their internal documents and e-mails.
It probably seems obvious that if the email address includes “donotreply,” that means you shouldn’t hit “reply.” Of course, in the real world customers don’t pay attention, or figure it’s an empty threat and someone will read it. Faliszek said he’s received sensitive information from Capital One customers, reports on security vulnerabilities for a New Jersey bank that’s now part of PNC, and reports on supplies and locations for troops in Iraq from a former subsidiary of Halliburton.
When the emails are trivial, he deletes them; when they’re big topics like the ones just listed, he’ll blog about them in order to embarrass the company responsible for such a dumb and lazy policy.
“I’ve had people yell at me, saying these e-mails are marked private and that I shouldn’t read them,” Faliszek said. “They get all frantic like I’ve done something to them, particularly when you talk to the non-technical people at these companies.” Instead, he blogs about the most interesting ones. Companies embarrassed by having their e-mails posted online can get him to pull the entries from his blog for a small payment. The normal fee to be removed from the site is proof of a donation to an animal protective league or humane society. So far, Faliszek says his blog has raised roughly $5,000 for local dog pounds.
“They Told You Not To Reply” [Washington Post] (Thanks to Alexa!)
(Photo: Getty)
He isn’t threatening to expose the cheating idiots.
He is exposing the cheating idiots and asking for a donation for his time and trouble to take it down.
His website also clearly says he charges for the use of his domain/email. The terms are at the bottom.
For those who replied to my first post – I inserted the term because I do not want anyone to get the idea that I supported doing anything that may be construed to be illegal. CYA.
If I were to do what I proposed, my script would be something on the order of, “Are you aware that this conversation may be recorded and used for any purpose?”
If they give assent, I can do whatever I like so long as I don’t edit to change the plain meaning of their words.
Why do I feel like Ensign Pulver?
This is pretty cool. I wish I’d thought of it.
@Trojan69:
You don’t have to get their assent.
You can ignore their protests or if you’re a bit afraid of being sued, just add this: “Your continued participation in this phone call is your consent to be recorded”.
You have given them the option of hanging up, if they continue to harass you with phone calls & you record them, tough shit for them, you’re protected even under two party requirements!
The companies that are using his domain for their donotreply address are also in violation of the CAN-SPAM Act, in which you cannot use false addresses in your email headers.
@SuperJdynamite: Removal of that information for money is not extortion.
How dumb is this? I’ve been in web development for several years, and I can tell you I’ve never known anyone in the industry that would be so stupid as to use the domain name DoNotReply.com. Everyone knows that the proper syntax for a “DO NOT REPLY” is DoNotReply@YOUR_WEBSITE_NAME.COM. It’s unbelievable that a huge company like Capital One would be guilty of such stupidity.
What, are the colleges churning out idiots these days? Unreal.
I have a .com address I’ve owned for over 10 years. I’ve had to deal with the .edu owner setting up the default reply address for all their users with the .com, which meant that every September, I would get bombarded with email. This went on for 3 years. Then they sent me a mug.
A secretary at the .net holder routinely sent confidential correspondence to other people in her company incorrectly addressed to .com. Besides replying back to her, I tracked her down and called her on numerous occasions to correct her mistake, actually trying to help her cover her ass. She would scream at me about how her company paid for the name and then hang up. She did not understand the difference. I finally contacted the president of the company. The emails stopped very suddenly.
Post ’em on Wikileaks.
@Dr. Chim Richolds: Only if the mayor went to your house to meet the hooker.
Ailu:
To answer your question: yes.
Too bad he’s not making his donations to the EFF – seems more appropriate, as they might be the ones that save his butt when some shark comes along and makes it a Supreme Court case.
I blame the companies. They should have an e-mail address dedicated to “donotreply”. I have a devnull address just for that purpose.
I wish I had thought of this.
@Dr. Chim Richolds: No, his page says he’ll remove it if you just ask (and his actual posts don’t seem to show anything particularly confidential), the donation is only a suggestion not a requirement.
Darn someone already registered nowhere.com and somewhere.com. Wonder how much spam they get because I use those for trash emails.
@Hossofcourse: Perhaps, but you can’t legally open mail not addressed to you, so unless they send it “Occupant” or the like, you won’t have access to the information contained within. You could publicize that they are dumb, but can’t use the contents. One could perhaps argue that on emails, but IANAL.
@Dr. Chim Richolds: no, no, it doesn’t sound like that at all. It sounds a lot like the politician handing you those photos as he walks by you in the street, and then later asking how you got them.
He’s doing nothing morally or legally wrong. The companies using his domain name are doing both.
@超外人: @Dr. Chim Richolds: If he were contacting the companies and demanding money to not make a post, you’d be right. He’s making the post and allowing them to donate to charity (not pay him) so that he’ll perform the service of taking it down. It’s not extortion in the same way that it isn’t extortion when the grocery store demands money before you can have food. (Demanding money to not do something = extortion/blackmail; demanding money to do something = the basis of our economy.) As far as I can tell the real purpose of the payment is making sure the company actually pays enough attention to change their donotreply email address; he’s not profiting from it.
@Jacquilynne: noneofyourbusiness.com looks like a generic squatter. nospamplease.com advertises that it’s for sale…
I didn’t say it was outright extortion, I said it seems to be of it especially out of the “charity” thing. I don’t believe many of the charity claims that some politicians or corporate people create for their own benefit. And again, we don’t know if he isn’t profiting from it. He may also be obtaining other data and secretly making deals with it. Just because someone states they do something this way, doesn’t mean they are entirely honest about it. Temptation exists.
Either way, he has a very interesting perk, and who knows what else he could do with such knowledge by knowing all these “secrets.”
People with power tend to abuse it, and wouldn’t be a surprise to know if he does as well, discreetly.
@Bladefist-안녕:
Yes, Asian fonts are win. Too bad I can’t read Korean.
@RandomHookup: I don’t think emails are equal to physical mail in this circumstance. If I got mail for John Q Fakename at my address, it isn’t addressed to me. If I owned fakename.com, however, anything mailed to @fakename.com would be addressed to me. The domain name isn’t equal to the street address. I’d suggest that the whole email is equal to that street address.
What’s more, the intended recipients did INTEND for mail to be sent to that address. It wasn’t sent in error, it just wasn’t expected to be received. The intent was to send a message to john@fakename.com. They just didn’t expect me to get that mail, but it doesn’t mean they didn’t intend for it to be sent to me.
@超外人: He actually says on his site that the donation isn’t required — he’ll just take it down if you contact him.
@BStu: I am not arguing that emails = physical mail. The poster I replied to was. I’m sure there are lawyers who might disagree, but that’s what lawyers do.
It’s important to know what you’re doing when you write, configure, and maintain this stuff.
Learn RFC 2606, people!
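An added example (not from the article or any commenter) that audits the From, Reply-To and Sender headers of an outbound message the way the post and the RFC 2606 comment suggest: a domain the organisation owns is fine, an RFC 2606 reserved name (example.com/.net/.org, .test, .example, .invalid, .localhost) can never be registered by a third party, and anything else, such as donotreply.com, is an address whose replies land with whoever owns that domain. OWNED_DOMAINS and the sample messages are constructed placeholders.

```python
import email
from email.utils import parseaddr

# Domains this organisation actually controls (constructed placeholder).
OWNED_DOMAINS = {"ourcompany.example"}

# RFC 2606 reserved names: guaranteed never to be delegated to anyone.
RFC2606_TLDS = {"test", "example", "invalid", "localhost"}
RFC2606_DOMAINS = {"example.com", "example.net", "example.org"}


def classify_sender(addr, owned=OWNED_DOMAINS):
    """Return 'owned', 'reserved', 'unowned' or 'malformed' for one address."""
    _display, spec = parseaddr(addr)
    if "@" not in spec:
        return "malformed"
    domain = spec.rsplit("@", 1)[1].lower().rstrip(".")
    if domain in owned or any(domain.endswith("." + d) for d in owned):
        return "owned"
    if domain in RFC2606_DOMAINS or domain.rsplit(".", 1)[-1] in RFC2606_TLDS:
        return "reserved"
    # A real, registrable domain we do not control: replies go to its owner.
    return "unowned"


def audit_message(raw, owned=OWNED_DOMAINS):
    """Classify every reply-relevant header of one RFC 5322 message."""
    msg = email.message_from_string(raw)
    return {h: classify_sender(msg[h], owned)
            for h in ("From", "Reply-To", "Sender") if msg.get(h)}


# Constructed sample messages, not real traffic.
SAMPLE_BAD = (
    "From: Account Alerts <alerts@donotreply.com>\n"
    "To: customer@customer-placeholder.example\n"
    "Subject: Your statement is ready\n\n"
    "Please do not reply to this message.\n"
)
SAMPLE_GOOD = (
    "From: Account Alerts <noreply@ourcompany.example>\n"
    "Reply-To: noreply@ourcompany.example\n"
    "Subject: Your statement is ready\n\n"
    "Please do not reply to this message.\n"
)

if __name__ == "__main__":
    for name, raw in (("bad", SAMPLE_BAD), ("good", SAMPLE_GOOD)):
        print(name, audit_message(raw))
```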
@超外人: Yours says “Super Foreigner” right?
Ha! I wonder actually how many people actually reply to do not replys… Probably the same people who get phished every once in a while.
@Trojan69: Umm… I DO record CSR calls if I’m calling about a serious problem or dealing with a company I know to have a seriously bad CSR reputation. Just be sure to announce (like their robot voices do) that you are also recording the call. Digital recording’s a marvelous thing!
In Alaska, we can record all phone conversations legally, as only one of the parties on the line must be aware of and agree to the recording. The other parties do not need to know.
So yes, it is legal (in some states) to record phone calls. And there are some sites online that host such recorded calls.