what did we tell you
March 19, 2008 1:46 PM   Subscribe

This is unreal.
posted by docpops at 1:56 PM on March 19 [1 favorite]

I thought this was going to be humorous. Now I think we should shut down the internet for our own good.
posted by shakespeherian at 1:59 PM on March 19

Even nominally intelligent people are completely unwilling to put the same amount of effort into being safe on the computer that they are willing to put into being safe "in real life." Online activities have a feeling of the unreal, and most people (even college-educated white collar workers...) don't have a visceral grasp of the risks of insecurity.
posted by sonic meat machine at 2:04 PM on March 19

Very clever. Nice how he donates money to the animals in the process as well.
posted by TheWaves at 2:05 PM on March 19

Since homeland security and the TSA actually deal with national freaking security, I am not going to post the information in the emails...

Cocktease! Goddamnit! (Still, I'll read the rest. Thanks!)
posted by not_on_display at 2:07 PM on March 19

Wow. This is fantastic. I never thought of where all those donotreply responses go.

I wonder if this guy also owns missingsock.com?
posted by Hicksu at 2:07 PM on March 19 [2 favorites]

The September That Never Ended dumbed us down
And spam has given my site some renown
I heard Outlook chime and gave a sigh
But this was the domain of do not reply.
posted by adipocere at 2:08 PM on March 19 [4 favorites]

Mmmmmm....donots.
posted by googly at 2:11 PM on March 19

In the distant past, how did we get people to not respond to a letter? I'm sure it wasn't done by asking the recipient to not mail a response to:

Nobody is here
100 Main St,
Townville, PA USA
posted by preparat at 2:13 PM on March 19 [2 favorites]

Crazy. It's a good thing this guy got to the domain first...
posted by spiderskull at 2:21 PM on March 19 [1 favorite]

Preparat, that's because, for normal people:

1) Snail mail does not come with a button where you can click it and a copy is prepared for you to send back, complete with a place to put angry rants.

2) Snail mail does not come with a different button so you can forward it to all of your friends, so you don't have bad luck for the next three years.

3) Mailboxes don't have an easy "vacation setting" where you can have your mail sent back until such a date, at least without filling out a form.

4) It costs 41 cents (or whatever) to reply.
posted by adipocere at 2:22 PM on March 19 [2 favorites]

It's a good thing this guy got to the domain first...

Honestly, it's just a matter of time now, before Homeland Security or some Corporate Lawyers show up at his place to seize all of his computers and all of the Corporate Intel that he's unlawfully gotten hold of.

Trust me.
posted by vhsiv at 2:27 PM on March 19 [1 favorite]

But how did he "unlawfully" get a hold of this info? It seems as if people are sending me stuff unsolicited, I'm not stealing it. (Not that I don't trust you; I'm sure the shelf-life of this site is growing shorter by the moment.)
posted by not_on_display at 2:35 PM on March 19

adipocere - points taken.

My issue is not with the people who respond, but with those who, being in a position which expects of them a certain degree of diligence and modest amount of care, misuse the Reply to: (not sure that's definitely the name) field in email, because, whatever, this is a made-up domain which does not exist.
posted by preparat at 2:38 PM on March 19

There was a guy in NY who wrote "none" as his second choice for vanity plates, got it, kept it, then received hundreds of violations in the mail every week.
posted by StickyCarpet at 2:42 PM on March 19 [5 favorites]

Unlawfully? There's no law against other people being idiots.
posted by adamrice at 2:49 PM on March 19 [1 favorite]

The owners of the domain donotreply.com get a lot of mail

Maybe someday someone will email them a sense of humor.
posted by delmoi at 2:50 PM on March 19

Seems to me I've seen something similar with another domain, perhaps something like "nowhere.com" where the site owners simply let anyone paw through the emails that arrived there. Hm.

Anyway, it boggles my mind that any dev wouldn't use something like "donotreply@" the domain they actually own, and just bit bucket them when they come back, with a bounce giving customer contact info.
posted by maxwelton at 2:55 PM on March 19 [2 favorites]

Apparently StickyCarpet's "NONE" story is more common that I would have thought. Snopes has an interesting write up of people getting parking tickets for various other vanity plate names.
posted by pombe at 3:04 PM on March 19 [2 favorites]

Brilliant. They're really doing the right thing with this - shaming the companies without compromising the ordinary shmoes. Check the about page:

So enjoy the stupidity of others. I used to call, email, blah blah blah to try and contact the company to get it to stop. It never did. The only thing that ever works (and sometimes that doesn’t even do it - yeah I am looking at you Intel), is posting bits and pieces here...

On average, because of this site and others I run, I am served with a legal threat at the rate of one a month, often running to one weekly. I have never been actually sued, just threatened plenty. So before you send me a legal threat about your company being mentioned here, first try an email, be nice, be reasonable and leave me a phone number and I will call you back. Normal payment to be removed from the site is a donation to your local pound/animal protective league. So far this site has raised around $5,000 for local pounds.

I can't imagine anyone doing this better. Maybe the Homeland Security angle (!) will get it some mainstream press.

Maybe someday someone will email them a sense of humor.

I'm sure they'll find their sense of humor once they get over their shock at human stupidity. But really, the range of stupidity they see is truly awesome, so I'm not holding my breath.
posted by mediareport at 3:06 PM on March 19 [2 favorites]

Yeah, this is a bit sad. Any competent network admin knows that the IETF standard address to send all your top-secret local network security reports to when you don't want to read them yourself is user@example.com.
posted by sfenders at 3:11 PM on March 19 [3 favorites]

He should also see if he can score the phone number 555-1212.
posted by Dave Faris at 3:15 PM on March 19

Epic lulz, I thought I recognized the sarcastic tone of the posts...the Chet that owns this site is none other than Chet from Portal of Evil and Portal of Evil News.
posted by baphomet at 3:24 PM on March 19

Baphomet, he also used to run Old Man Murray, which is the best damn gaming site that ever existed.
posted by The Castle at 3:37 PM on March 19

this guy has been making the internet scary for a very long time.
posted by shmegegge at 3:38 PM on March 19

$$$ spent on IT != good interwebs

In this same vein, though, the guy who codes/maintains thttpd has, quite possibly, the funniest such story, and you think he'd know, as his site is www.acme.com
posted by eclectist at 3:49 PM on March 19 [6 favorites]

Holy fucking fuck this is hilarious.
posted by Sys Rq at 3:57 PM on March 19

Well, I've learned something: from now on, I'll always be responding to donotreply.com e-mail addresses.
posted by interrobang at 4:10 PM on March 19

That is insane, eclectist.
posted by grouse at 4:24 PM on March 19

I've had many the same interchanges with people that don't know how to read mail headers. I do my own mail hosting and my domain has been forged more than once. I have also received a good few mails, threatening and otherwise, claiming I am a spammer. Eventually I manage to get through to them that their mailhost apparently takes everything on blind faith (which is bad) and also how to actually look at headers to find where mail REALLY comes from.
posted by Samizdata at 4:27 PM on March 19

Epic lulz, I thought I recognized the sarcastic tone of the posts...the Chet that owns this site is none other than Chet from Portal of Evil and Portal of Evil News.
posted by baphomet at 3:24 PM on March 19 [+] [!]

Baphomet, he also used to run Old Man Murray, which is the best damn gaming site that ever existed.
posted by The Castle at 3:37 PM on March 19 [+] [!]

He now works for Valve, writing for games.
posted by camcgee at 4:38 PM on March 19 [1 favorite]

Another guy who was just begging for it had registered localhost.com¹. Now, back in the day, when all you credibly had was your flaky Netscape browser (cum mail client/newsreader/page composer/calendar/etc), they added a helpful feature for that increasing body of users who would fail to add .com to their domain entry - it would do it for you, if you forgot!

When you were running a test server on your own machine, and Apache would silently fail to restart (mod_perl being a temperamental beast back then), it would lead to some head scratching. I spent some time backtracking and trying to figure out where the henk those pages were on my machine, and who had put them there.

ahh, heady days.
¹ thank you, archive.org
posted by davemee at 4:38 PM on March 19

Normal payment to be removed from the site is a donation to your local pound/animal protective league. So far this site has raised around $5,000 for local pounds.

Anybody know how this is not extortion, exactly?
posted by nzero at 4:45 PM on March 19

hide their shame ≠ extortion
posted by Fiasco da Gama at 4:51 PM on March 19

Anyway, it boggles my mind that any dev wouldn't use something like "donotreply@" the domain they actually own, and just bit bucket them when they come back, with a bounce giving customer contact info.

maxwelton, don't legitimize such rude and improper behavior by describing a "right" way to do it.
posted by vsync at 4:56 PM on March 19

There is actually a more or less canonical top-level domain to use for cases where you want an obviously invalid Internet address: not surprisingly, it is .invalid. See RFC2606. (It's not really intended for this use case, namely a bogus Reply-To address, but it's obviously a much safer thing to use than anything.com.
posted by Creosote at 4:58 PM on March 19

the CTO of my company yelled at all of us for using "test.com" emails, b/c test.com is a real company and emailing them could potentially get us put on a spammer list.
posted by drjimmy11 at 5:01 PM on March 19

and I hope, drjimmy, that the CTO pointed you to RFC2606, where you'll also find that .test is the IANA-reserved top-level domain name for testing. Those RFC guys think of everything!
posted by Creosote at 5:08 PM on March 19

I can understand mistakes, I cannot understand this continuation of stupidity.

A shield, some banners, a couple of swords, a dragon and that sentence in latin. Yes.
posted by soundofsuburbia at 5:17 PM on March 19 [6 favorites]

And as sfenders pointed out upthread, RFC 2606 also reserves example.{com,net,org}.
posted by hattifattener at 5:31 PM on March 19

example.com used to be like that, but now it's ICANN reserved for almost the same reason, the same way the entire .test TLD is.

I believe sample.com still has a real owner, though, and website.com certainly does.
posted by rokusan at 5:33 PM on March 19

I remember Donotreply.com used to be on the list for evilemail domain names although it doesn't look like it is anymore.
posted by puke & cry at 5:38 PM on March 19

agreed. hilarious.
posted by mrgrimm at 6:00 PM on March 19

I'm not sure I agree with you a hundred percent on your police work, there, Lou.
posted by dhartung at 6:03 PM on March 19 [2 favorites]

They never taught us any of this stuff back at loopback.edu.
posted by SteelyDuran at 7:06 PM on March 19 [4 favorites]

nzero Anybody know how this is not extortion, exactly?

Primarily, the lack of personal benefit.
posted by aeschenkarnos at 8:09 PM on March 19

hide their shame ≠ extortion

But it is blackmail.
posted by cillit bang at 8:53 PM on March 19

Very funny blackmail, for a good cause. Won't somebody think of the kittens?
posted by Fiasco da Gama at 9:24 PM on March 19

vsync, take the example of an automated email generated by a server on user registration. I guess I'm a scumbag for including

This email is automated. Please do not reply to it.

And then using donotreply@ the domain it is being sent from? If someone does reply despite the warnings, they get a bounce that says

Hi, this mailbox is not monitored--it's where our server sends registration emails from. To get in touch, please visit www.example.tld/contact/ or call 8xx-555-1212 from 9-6 Pacific time. You may wish to look through our FAQ at www.example.tld/faq/ to see if your question has already been answered. Thanks!

I'm anxious to hear what the better way of doing this is.
posted by maxwelton at 10:29 PM on March 19

Maybe someday someone will email them a sense of humor.

from the site:

Dear Kellogg Brown & Root
...
M____ C____ ordered almost $5,000 worth of portable toilets. Better watch out for this guy, sounds like he is planning a rave.
posted by pompomtom at 2:32 AM on March 20

I knew of the folks who, in the heady dotcom days, owned nowhere.com (they may still have it for all I know.) They received a hell of a lot of reply mail, and put up a bunch of SMTP (arf! arf!) filters to try and combat it. They succeeded mostly.

My housemate, who owned somewhere.com at the time, also got quite a bit of spam but not on the scale that nowhere.com got.
posted by Spatch at 6:06 AM on March 20

I really don't know what to say about this site.
posted by TheSpot at 8:22 AM on March 20

aeschenkarnos wrote: Primarily, the lack of personal benefit

On the contrary, extortion does not legally require personal benefit as I understand it, but rather forcing another person to part with property. In other words, it doesn't matter what you force the other person to do with the money, it only matters that you are forcing him to part with it.

Also, I disagree with cillit bang that this is blackmail, in the sense that I don't think it's legal to post private emails to a public forum. Isn't that why they put those little disclaimers at the bottom of corporate emails that say "if you're not the intended recipient of this email you must delete it immediately?" Are there any actual lawyers here who can comment on any of this?
posted by nzero at 9:34 AM on March 20

Isn't that why they put those little disclaimers at the bottom of corporate emails that say "if you're not the intended recipient of this email you must delete it immediately?"

If they're so incompetent that they don't know where their emails are going, they should probably put those disclaimers at the top where they might do some good.
posted by Sys Rq at 9:49 AM on March 20

Here's an analysis of some of those useless disclaimer terms. Don't believe them.

I don't think it's legal to post private emails to a public forum

On what basis? Particularly, which of the donotreply.com e-mail postings do you think is illegal, and why?
posted by grouse at 10:00 AM on March 20 [1 favorite]

Isn't that why they put those little disclaimers at the bottom of corporate emails that say "if you're not the intended recipient of this email you must delete it immediately?"

IANAL, but I believe those disclaimers carry about as much legal weight as "These files are for educational purposes only" or "You must delete this file within 24 hours of receiving it".
posted by Spatch at 10:15 AM on March 20

Huh. Maybe I should stop using bob@bob.com as my throwaway email address. Sorry Bob!
posted by Big_B at 1:06 PM on March 20

Here's an analysis of some of those useless disclaimer terms. Don't believe them.

Ok, so cillit bang was right, it seems like blackmail not extortion. Still waiting for a lawyer to chime in on why it isn't illegal.

On what basis? Particularly, which of the donotreply.com e-mail postings do you think is illegal, and why?

All of them, in that he is offering to take down the messages in return for a donation to a charity from the message sender or recipient (i.e. he is blackmailing charitable donations using these messages).
posted by nzero at 1:06 PM on March 20

Huh! Your housemate owned somewhere.com, Spatch? I own elsewhere.org, and I used to get a bunch of email that had someone@somewhere.com in the cc list. I think there was a HOWTO out there that used someone@somewhere.com and someoneelse@elsewhere.org as their example addresses. Doesn't happen so much any more, though. (The huge volume of spam I get now is my own fault, I guess, for using the same address for the last 12 years.)
posted by hades at 2:17 PM on March 20

On what basis? Particularly, which of the donotreply.com e-mail postings do you think is illegal, and why?

All of them, in that he is offering to take down the messages in return for a donation to a charity from the message sender or recipient (i.e. he is blackmailing charitable donations using these messages).

Well, it certainly appeals to fulfill the elements of blackmail. But absent those elements, you have not identified any reasons why it is generally illegal "to post private emails to a public forum" as you said before.
posted by grouse at 6:11 PM on March 20

All of them, in that he is offering to take down the messages in return for a donation to a charity from the message sender or recipient

But leaving them up isn't illegal; they sent the private emails to him directly. He's not blackmailing; he's simply saying I'll help you erase some of the traces of your stupid mistake if you do something nice for a charity I like. If they don't do something nice, he doesn't help them erase their mistake, but (and this is important) he also doesn't take advantage of the information he receives and doesn't publicize anything that can damage any of the individuals involved. It's snarky, yes, but kinda noble too.

There's a reason he only gets *threats* of lawsuits, nzero.
posted by mediareport at 6:11 PM on March 20

vsync, take the example of an automated email generated by a server on user registration. I guess I'm a scumbag for including

This email is automated. Please do not reply to it.

Yes.

And then using donotreply@ the domain it is being sent from? If someone does reply despite the warnings, they get a bounce that says

Hi, this mailbox is not monitored--it's where our server sends registration emails from. To get in touch, please visit www.example.tld/contact/ or call 8xx-555-1212 from 9-6 Pacific time. You may wish to look through our FAQ at www.example.tld/faq/ to see if your question has already been answered. Thanks!

I'm anxious to hear what the better way of doing this is.

You know, you can set the Reply-To header to go to that very same customer service department.
posted by vsync at 10:03 PM on March 20 [1 favorite]

Well, it certainly appeals to fulfill the elements of blackmail. But absent those elements, you have not identified any reasons why it is generally illegal "to post private emails to a public forum" as you said before.

Right, I definitely concede that point. My original argument was that this was extortion because posting of the emails themselves were illegal, but after I read the link you posted (thanks, it was very informative) I decided you were right that it wasn't illegal to post them, thus this is blackmail not extortion.

But leaving them up isn't illegal; they sent the private emails to him directly. He's not blackmailing; he's simply saying I'll help you erase some of the traces of your stupid mistake if you do something nice for a charity I like. If they don't do something nice, he doesn't help them erase their mistake, but (and this is important) he also doesn't take advantage of the information he receives and doesn't publicize anything that can damage any of the individuals involved. It's snarky, yes, but kinda noble too.

Er, that's the very definition of blackmail. I do something you don't like, and then offer to stop doing it in exchange for you making a payout. Plain and simple, still waiting on a lawyer to say otherwise.

There's a reason he only gets *threats* of lawsuits, nzero.

Yeah, because the threats of lawsuits aren't in regard to his blackmailing, they're in regard to his having the posts up in the first place which grouse already established for us is legal in itself. I feel fairly confident that as soon as a savvy lawyer notices the blackmail angle, this site will go away very quickly. (Any lawyers care to respond? Please?)
posted by nzero at 10:30 AM on March 21

I feel fairly confident that as soon as a savvy lawyer notices the blackmail angle, this site will go away very quickly.

I'll take that bet. You're just plain wrong. There's no actionable cause here.
posted by mediareport at 6:46 PM on March 21

I'll take that bet. You're just plain wrong. There's no actionable cause here.

I wouldn't bet on it because I have no idea what I'm talking about. Thought that was clear from the phrasing of my original question, which has transmuted into- why is this not blackmail?
posted by nzero at 5:51 AM on March 22

IANAL, but isn't it only blackmail if you don't release the information, but threaten to unless paid? This site is releasing the information and then offering to take it down for money.
posted by Asymptote at 11:00 AM on March 23

He now has a post addressing the extortion/blackmail issue.
posted by Asymptote at 11:01 AM on March 23

Wow, thanks for that link Asymptote. So it turns out not to be blackmail because he doesn't actually require the donation to take down the posts. Just a polite request. Nice guy.
posted by nzero at 8:29 PM on March 23