Privacy Digest

News that can impact your privacy.

They Told You Not To Reply

Submitted by MacRonin on March 23, 2008 - 11:27am
  • Activists
  • Alert
  • Companies
  • Databases
  • Editorial
  • Government
  • Hmmm
  • Infrastructure
  • ISP - Internet Service Providers
  • Privacy
  • Remember
  • Reviews
  • Security

They Told You Not To Reply - Via Security Fix at The Washington Post:

When businesses want to communicate with their customers via e-mail, many send messages with a bogus return address, e.g. "somethinghere@donotreply.com." The practice is meant to communicate to recipients that any replies will go unread.

But when those messages are sent to an inactive e-mail address or the recipient ignores the instruction and replies anyway, the missives don't just disappear into the digital ether.

Instead, they land in Chet Faliszek's e-mail box.

As owner of www.donotreply.com, the Seattle-based programmer receives millions of wayward e-mails each week, including a great many missives destined for executives at Fortune 500 companies or bank customers, even sensitive messages sent by government personnel and contractors.

The majority of the e-mails naturally are from spammers, who also are quite fond of using Faliszek's domain name in the "From" field of their junk e-mails. Some of the non-spam bounce-backs are fairly harmless, like the ones he gets every so often from desperate, hungry people who bought a CharBroil brand grill but can't get the thing to work properly.

"Instead of letting people just hit reply to these support mails, they make the customer click on a link," Faliszek said. "It's sad, too, because I'll get these e-mails from people and they're like 'Oh, man, I really wanted to grill, but it's not working.' Sometimes they'll even send pictures of their grill, too."

But many of the misdirected e-mails amount to serious security and privacy violations. In February, Faliszek began receiving e-mails sent by Yardville National Bank in New Jersey (now part of PNC). Included in the message were PDF documents detailing every computer the bank owned that was not currently patched against the latest security vulnerabilities. Faliszek has so far amassed more than 200 reports about the bank detailing computers, full branch reports and graphs showing the top 10 most vulnerable systems.

In a blog post cleverly titled "What's in Your Return Address Field," Faliszek posted another bank screw-up last month after he began receiving replies from Capital One customers inquiring about various details of their accounts. He says Capital One appears to have used donotreply.com as the return address for automated payment transfers and debits set up by customers.

Faliszek also routinely receives bizarre e-mails from Kellogg Brown & Root, a Houston-based engineering company and former subsidiary of Halliburton. He said it looks like someone at KBR has set up a system that scans incoming faxes as PDFs and mails them off to various recipients.

"It's really kind of weird, because I'll get these faxes from Iraq, where they talk about various camps, when and where they're moving the support equipment, what they're buying, accident reports, and information on people applying for jobs," Faliszek said.

Faliszek bought donotreply.com back in 2000 when he and some friends were running an e-mail service. But he never imagined he would get such a huge volume of misdirected mail.

(Read Original Article - Via Security Fix at The Washington Post.)
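A defensive check for the misconfiguration the article describes, added here as an example (it is not code from the Security Fix article, from this blog, or from donotreply.com): it parses the reply-routing headers of an outbound message template and flags any domain the organisation does not control. The allowlist, the domain names and both sample messages are constructed.

```python
# Audit outbound mail headers for sender domains the organisation does not
# control. Added example, not code from the Security Fix article or donotreply.com.
# CONTROLLED_DOMAINS is a constructed, hypothetical allowlist.
from email import message_from_string
from email.utils import getaddresses

CONTROLLED_DOMAINS = {"example-bank.test"}  # hypothetical domains we own

# Headers that decide where replies and bounces go.
REPLY_HEADERS = ("From", "Reply-To", "Return-Path", "Sender")

def sender_domains(raw_message: str) -> dict:
    """Map each reply-routing header to the set of domains it names."""
    msg = message_from_string(raw_message)
    found = {}
    for header in REPLY_HEADERS:
        domains = set()
        for _name, addr in getaddresses(msg.get_all(header, [])):
            if "@" in addr:
                domains.add(addr.rsplit("@", 1)[1].lower())
        if domains:
            found[header] = domains
    return found

def uncontrolled_senders(raw_message: str, controlled=CONTROLLED_DOMAINS) -> list:
    """Return (header, domain) pairs that would route replies or bounces to a
    domain outside the allowlist, i.e. to a mailbox someone else reads."""
    problems = []
    for header, domains in sender_domains(raw_message).items():
        for domain in sorted(domains):
            if domain not in controlled:
                problems.append((header, domain))
    return problems

# Constructed sample: the anti-pattern the article describes.
BAD_TEMPLATE = """\
From: Payments <somethinghere@donotreply.com>
Return-Path: <bounces@donotreply.com>
To: customer@example.test
Subject: Your payment has been scheduled
"""

# Constructed sample: a no-reply address on a domain we actually control.
GOOD_TEMPLATE = """\
From: Payments <no-reply@example-bank.test>
Reply-To: support@example-bank.test
To: customer@example.test
Subject: Your payment has been scheduled
"""
```

Running the check over every template before it goes into a mail pipeline catches the donotreply.com pattern at build time; the same check over a sample of real outbound traffic catches templates that slipped through.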


Compilation © Copyright 1997-2010 Paul Hardwick, with Web Hosting provided by MacRonin.com.