Do Not Reply Emails Should not be Delivered

Tags:

There are too many emails being sent from donotreply@domain.tld addresses. These addresses explicitly don't exist and/or will not accept emails, yet they are the sender/replyto of important emails like order confirmations and what not. I've recently seen this for domain name transfers.

Emails from such origins should by logic be refused or classified as spam. There is no way for the user to respond to these emails. Email was not designed to send emails on behalf of non-existing or spoofed senders. RFC 5322 clearly states: In all cases, the "From:" field SHOULD NOT contain any mailbox that does not belong to the author(s) of the message. In most cases the donotreply address does not exist and hence cannot belong to the author(s).

Sending emails from an address that is not yours is called Email Spoofing.

Breaking Email Delivery Notifications

Another point is breakage, if the email cannot be delivered there is no way of alerting the sender, bounces can not be routed anywhere. This breaks "email" out of pure contempt of the receiver. The sender does not give a flying crap if the receiver gets the email.

This is the equivalent of a merchant dispatching packages with no return address.

If the email can't be delivered nor bounced, nobody will ever know about it, this is only suitable for spam, not for important emails being sent to your own customers containing important information.

How To Make Things Worse

I received this email for a domain name transfer (for a client) from do_not_reply@ns-not-in-service.com, they've combined the "donotreply" with a dodgy domain name that is not related to anything the client knows of. It also contained a link to webpage on yet another domain that the client has also never heard of, opensrs.net (the 'Whois' details shows EPAG Domainservices, I would have at least expected an email from them or the reseller).

The domain ns-not-in-service.com belongs to Tucows which is a known company, yet they managed to send an email that looks exactly like a scammy phishing mail. Everyone (client and I) thought this was very dodgy at first sight, after investigation it's just a bunch of companies who despise their clients.

By the way, OpenSRS has been informed about this issue almost 4 years ago and they said they'll see what they can do. Nothing. That's what they can do.

Why ?

Why has it become so outrageous to send an email from a sender that can be replied to ? Why take a legitimate email and make it look so fraudulent ? What is the goal besides accustoming users into believing that everything is legitimate ?

If senders of emails remove the possibility of any reply, then they do not deserve to be read.