The assumption
This isn't typosquatting. Nobody made a mistake. It's the assumption that a placeholder is no one. Register the placeholder behind that assumption and you don't intercept anything. The mail, the traffic, the code was always routed to you. You just showed up to collect it.
I built an accidental honeypot, and I never sent a packet.
Two ways the data finds you
Sometimes a production system is configured to send to or from the placeholder, and it mails a stranger automatically, forever, with no one in the loop. That's how a catch-all on a noreply domain fills up with real mail.
Sometimes a person follows a setup guide, runs the command with the generic value still in it, and sends real data or code execution to whoever registered it. Same assumption, different route.
What a placeholder looks like
It's older than it looks
- 2008. Krebs wrote about
donotreply.comcatching real corporate mail. - Then. A fintech vendor hardcoded a placeholder its client banks inherited.
- 2026. Mike Sheward bought
deleteduser.comand called it a $15 PII magnet.
Each of those found one domain. Nobody named the class, and nobody wrote down the fix. That's what this is for.
The fix points at your own code
Whose mail I got is the least interesting part. Whether your own systems are addressing a stranger right now is the part worth your time: a real-looking fake sender in your source, or a placeholder domain that's live and registerable. You can catch that in CI, without pointing a prober at anyone else's mail.
Certified Placeholder Squatter