Researchers' Typosquatting Stole 20 GB of E-Mail

← Back to Stories (view on slashdot.org)

Researchers' Typosquatting Stole 20 GB of E-Mail

Posted by Soulskill on Friday September 9, 2011 @04:58AM from the of-tips-and-icebergs dept.

NeverVotedBush writes "Two researchers who set up doppelganger domains to mimic legitimate domains belonging to Fortune 500 companies say they managed to vacuum up 20 gigabytes of misaddressed e-mail over six months. The intercepted correspondence included employee usernames and passwords, sensitive security information about the configuration of corporate network architecture that would be useful to hackers, affidavits and other documents related to litigation in which the companies were embroiled, and trade secrets, such as contracts for business transactions."

163 of 204 comments (clear)

Min score:

Reason:

Sort:

Good test. by 140Mandak262Jamuna · 2011-09-09 05:01 · Score: 2

Every damn email they suctioned up has stern boilerplate warning: "This email is intended for XYZ only. If you are not XYZ and you got this email, and if you don't delete it and forget what you have read immediately we are going to pretend we could come after you like gangbusters". Let us see if that stupid boilerplate text has any legal standing.
Anyway, of the 20 Gig they collected, I am sure 19.9 Gig was this boilerplate text.

--
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
1. Re:Good test. by bmo · 2011-09-09 05:09 · Score: 3, Informative
  
  >Let us see if that stupid boilerplate text has any legal standing
  It doesn't. It didn't work for real mail so why should it work for email?
  You get something unsolicited, and you are free to do with it whatever you choose. It's up to the sender to get the address right in all cases.
  --
  BMO
2. Re:Good test. by tomhudson · 2011-09-09 05:10 · Score: 3, Informative
  
  The boilerplate has no legal force. First, it's like someone sending you unsolicited snail mail - anyone who sends you, say, an unsolicited book by snailmail can't then send you a demand to pay for it - it's already yours.
  Additionally, boilerplate "contracts", even ones you agree to, are governed by different laws than regular contracts (search for "contract of adhesion" or "standard form contract").
3. Re:Good test. by duguk · 2011-09-09 05:15 · Score: 2, Informative
  
  >Let us see if that stupid boilerplate text has any legal standing
  It doesn't. It didn't work for real mail so why should it work for email?
  You get something unsolicited, and you are free to do with it whatever you choose. It's up to the sender to get the address right in all cases.
  -- BMO
  
  Not true, at least in the UK:
  
  Interfering with mail - Postal Services Act 2000 Section 84
  Triable Summarily (Magistrates court)
  6 Months and or a fine (Max)
  
  A person commits an offence if they without reasonable excuse intentionally delay or open a postal packet in the course of transmission by post or intentionally opens a mail bag.
  
  A person commits an offence if, intending to act to a person's detriment and without reasonable excuse, opens a postal packet which they know or suspect to have been delivered incorrectly.
  
  If you work for the Post service you could commit other offences under Section 83 triable either way (Magistrates or Crown court) and get a sentence of 2 years and or a fine.
4. Re:Good test. by Anonymous Coward · 2011-09-09 05:18 · Score: 2, Interesting
  
  "Delivered incorrectly" is different from "addressed incorrectly". One is an error of the Postal Service, the other is an error of the sender.
5. Re:Good test. by jeffmeden · 2011-09-09 05:21 · Score: 1
  
  It's not "delivered incorrectly" if the address is right (your house) but the contents are wrong (meant for your neighbor)... That's basically what is going on here. While it could easily be argued that they acted with intent (since they certainly don't have a business called Kelllogggs that they need to send/receive email for) it is still within the bounds of "we read it because we were the intended recipient"... Those boilerplates are about as useful as walking around with a t-shirt saying "you just read this now you owe me twenty quid".
6. Re:Good test. by Hooya · 2011-09-09 05:27 · Score: 1
  
  I always thought that was bullshit. How do i *Know* if the email was intended for me? because it's got my email address, that's how.
  Now, how can someone demand that i "promptly delete" the email? i have server logs, backups, and a whole array of things (required - as i understand it - as part of SOX) that would have to be scrubbed. Who's paying? The sender wants me to foot the bill to do all that when i had NO say in whether or not I got the email? How about if I sent the sender an email everyday - unintentionally - and ask that they scrub all of it off their servers? Would they do it? Just because I said so?
  I would love to send the senders of those fucking boilerplates something to the effect of - "since apparently you want me to observe a contract that i didn't agree to - which i did by scrubbing all the traces of your email - now it's your turn: the bill is $10,000, pay up, the invoice is in the mail".
7. Re:Good test. by QuantumRiff · 2011-09-09 05:38 · Score: 1
  
  At least 1.3GB must have been the pretty little green text (sometimes with a graphic of a tree) to "think of the environment before printing this email...
  
  --
  
  What are we going to do tonight Brain?
8. Re:Good test. by onepoint · 2011-09-09 05:43 · Score: 1
  
  100 megs of useable data is what we are talking about.
  what that might cover is legal issues, user names and passwords and the like ...
  so the ability to profit is present, and just like spam, you only need a few to make it worth while
  
  --
  if you see me, smile and say hello.
9. Re:Good test. by duguk · 2011-09-09 05:50 · Score: 1
  
  It's not "delivered incorrectly" if the address is right (your house) but the contents are wrong (meant for your neighbor)... That's basically what is going on here. While it could easily be argued that they acted with intent (since they certainly don't have a business called Kelllogggs that they need to send/receive email for) it is still within the bounds of "we read it because we were the intended recipient"... Those boilerplates are about as useful as walking around with a t-shirt saying "you just read this now you owe me twenty quid".
  While I'll agree the 'envelope' was correct - it was delivered to the correct address; the person who it was delivered to was not the recipient.
  
  If this was applied to mail, not only would it be that they 'know or suspect to have been delivered incorrectly', they are certainly acting with intent. It would be hard to claim they didn't "know or suspect" these mails were not meant for them!
  
  Sure, the boilerplate is meaningless; but to take the postal analogy further - this would be like me deliberately opening a company with a similar name in a similar road to another; with the sole reason of opening their post. It would take a serious stretch of the imagination to say this has been delivered 'correctly', and pretty obvious that it should be unlawful.
  
  This is sure to have happened in the past, I'm sure someone somewhere has mismatched names with addresses on a mail merge. So if I received a bank statement, with your name but my address on it - would you say it was legal for me to open it?
  
  In any case, as confirmed in the Regulation of Investigatory Powers Act 2000:
  
  It is an offence to open, destroy, hide or delay any post that is addressed to someone else. Post cannot be opened if it is to the addressee's detriment and without reasonable excuse. Reasonable excuse is not defined by the Act.
  
  An example of a potential conflict is if a landlord opens a previous tenant's post in order to trace them. Post cannot be opened if someone knows or reasonably suspects the post has been incorrectly delivered.
  
  It is also an offence to divert someone's post in order to intentionally delay them from receiving it. An example of this could be where a person re-posts documents or cheques to delay the addressee from acting upon them.
10. Re:Good test. by duguk · 2011-09-09 05:52 · Score: 1
  
  "Delivered incorrectly" is different from "addressed incorrectly". One is an error of the Postal Service, the other is an error of the sender.
  Either way, as confirmed in the Regulation of Investigatory Powers Act 2000:
  
  It is an offence to open, destroy, hide or delay any post that is addressed to someone else. Post cannot be opened if it is to the addressee's detriment and without reasonable excuse. Reasonable excuse is not defined by the Act.
  
  An example of a potential conflict is if a landlord opens a previous tenant's post in order to trace them. Post cannot be opened if someone knows or reasonably suspects the post has been incorrectly delivered.
  
  It is also an offence to divert someone's post in order to intentionally delay them from receiving it. An example of this could be where a person re-posts documents or cheques to delay the addressee from acting upon them.
11. Re:Good test. by trum4n · 2011-09-09 06:05 · Score: 1
  
  You have to "open" email, just to see who it's sent too.OOPS. TOO LATE.
12. Re:Good test. by Bob+the+Super+Hamste · 2011-09-09 06:05 · Score: 1
  
  We had some "security" training here at work about just that topic a couple of months ago. Basically what I gathered is that it is similar to the BS in EULAs that they put in there just in case case law or an actual law is written that makes it enforceable. But in general those notices carry no weight.
  
  --
  Time to offend someone
13. Re:Good test. by duguk · 2011-09-09 06:15 · Score: 1
  
  You have to "open" email, just to see who it's sent too.OOPS. TOO LATE.
  No, at least in theory, you don't. SMTP literally has an "envelope"; it should be all the server looks at to relay/deliver messages.
14. Re:Good test. by Chris+Mattern · 2011-09-09 06:19 · Score: 1
  
  A person commits an offence if, intending to act to a person's detriment and without reasonable excuse, opens a postal packet which they know or suspect to have been delivered incorrectly.
  But it was delivered completely correctly. The sender specified the wrong address, but it was delivered absolutely correctly to that address.
15. Re:Good test. by Medievalist · 2011-09-09 06:19 · Score: 2
  
  that is addressed to someone else.
  It was addressed to me; I own the address that received it, it is mine. According to the laws you've quoted, anyway, which strictly forbid opening mail addressed to other people. Only I may legally open it; it is mine.
  I get a dozen emails a month on my gmail account that are intended for a person with a name very similar to mine.
  These emails are all addressed to me, although that's not who they should have been sent to. The person sending intentionally sent it to me - they typed my address and pressed 'send' - so under the laws you've quoted nobody else may open it, only me.
  I try and try to get these people (who are mostly British real estate salesmen) to stop sending me these emails which sometimes contain confidential information relating to their clients. The tossers apologize and promise never to do it again (and occasionally do stop for a week or two, then start up again). It appears that many British land brokers are not just poor typists, but also idiots.
16. Re:Good test. by shentino · 2011-09-09 06:20 · Score: 1
  
  You don't need it for real mail because tampering with an envelope addressed to someone else is a federal offense.
17. Re:Good test. by duguk · 2011-09-09 06:25 · Score: 1
  
  So...what you're saying is that I could not open or throw away mail that is addressed to someone that does not live in my house, yet has my address on it? Pretty soon, I'm going to be crushed under the weight of all the mail addresses to "homeowner" or "recipient"!
  Or, am i expected to find out where this person is, and do the Post's job for them? (fat chance).
  If you're the homeowner or recipient, then you are the addressee... no need to be facetious.
  If it has someone elses name on it, no you cannot legally open it, at least by the law of the UK.
  If you set up a similarly named address, for the sole purpose of intercepting mail, then I would expect that yes, you're still breaking the law.
18. Re:Good test. by JSBiff · 2011-09-09 06:27 · Score: 1
  
  With physical goods, like a book, I suspect they could legally demand the book be returned (although, who's going to hire a lawyer and go to court over a $10 book).
  If it were something sufficiently valuable for it to be "worth it", though, they could probably demand it be returned. I mean, mailing something to you doesn't make you the 'owner' - netflix mails me DVDs, but I don't "own them", and must return them. I suppose the courts could look at a mis-sent item as never actually having ownership transferred, if there's a lack of clear indication that ownership *has* been transferred (e.g. when you buy a book from Amazon, you have a receipt which clearly shows you purchased the item, and that ownership would transfer to you; if someone sends you something by mistake, there's no such basis for anyone to believe that the sender intended to transfer ownership).
19. Re:Good test. by duguk · 2011-09-09 06:28 · Score: 1
  
  A person commits an offence if, intending to act to a person's detriment and without reasonable excuse, opens a postal packet which they know or suspect to have been delivered incorrectly.
  But it was delivered completely correctly. The sender specified the wrong address, but it was delivered absolutely correctly to that address.
  As others have pointed out, delivered!=addressed.
  
  i.e. just because my bank sent my bank statement to your house by accident, that does not give you the right to read or open it (at least not via post in the UK)
20. Re:Good test. by _0xd0ad · 2011-09-09 06:29 · Score: 2
  
  You're supposed to mark it "no longer at this address - return to sender", black out the barcode at the bottom with a marker, and put it in the outgoing mail.
21. Re:Good test. by 0racle · 2011-09-09 06:32 · Score: 1
  
  Example:
  
  Me: bob@aple.com
  Not Me: bob@apple.com
  
  Amy means to send to bob@apple.com but can't be bothered to be careful and sends to bob@aple.com.
  
  Can I read it?
  Of course. It is addressed to me so "offence to open, destroy, hide or delay any post that is addressed to someone else" doesn't apply. It was addressed to me and therefore delivered to me so "someone knows or reasonably suspects the post has been incorrectly delivered" so this too doesn't apply. Also, I did not delay delivery since it was addressed to me and probably delivered in a prompt manner.
  
  Now, you are going to point out this part - "someone knows or reasonably suspects the post has been incorrectly delivered" and say that since I don't know Amy I should reasonably suspect her messages are not for me. I do get mail from people I don't know, it is rare but it does happen. I do not have any reason to assume any e-mail was not intended for me until I have opened the message and seen it's contents. This is not a physical package, e-mail out of the blue is not that uncommon.
  
  And just to throw water on the whole thing, I doubt that you could get laws governing physical mail to cover e-mail.
  
  --
  "I use a Mac because I'm just better than you are."
22. Re:Good test. by nabsltd · 2011-09-09 06:33 · Score: 1
  
  While I'll agree the 'envelope' was correct - it was delivered to the correct address; the person who it was delivered to was not the recipient.
  I do not think that word means what you think it means.
  By definition, if something is addressed to you and you get it, then you are the "recipient". It does not matter what the thing is that you received, or why you received it. And, even the UK law you quote agrees with this definition, and gives only examples of when the mail is "addressed to someone else". This law is the US is similar. For example, the Post Office even made ads about how receiving something by mail that you did not request doesn't make you obligated to pay for it, because scammers were sending unrequested items via the mail and enclosing bills, then suing for non-payment.
23. Re:Good test. by blair1q · 2011-09-09 06:33 · Score: 1
  
  19.9 Gig was pr0n, lolcats, and "Undeliverable Message" replies.
24. Re:Good test. by trum4n · 2011-09-09 06:34 · Score: 1
  
  Well the servers arn't making the mistake...
25. Re:Good test. by gstoddart · 2011-09-09 06:37 · Score: 3, Interesting
  
  It doesn't. It didn't work for real mail so why should it work for email?
  You get something unsolicited, and you are free to do with it whatever you choose. It's up to the sender to get the address right in all cases.
  Well, in this case, you have to make the explicit step of setting up an alternate site, and having something there to get email. So you've explicitly put stuff in place to catch these messages.
  Under normal circumstances, the user would get a bounce-back of the message ... so, someone might be able to argue that it's not like something was delivered to you out of the blue. You've actually created the thing that it gets delivered to, and made it look as close as you could to the intended one.
  At a minimum, this might get into a gray area, and might be full on illegal, even if you were only passively receiving the mis-directed stuff thereafter.
  I don't think you can make the claim that you just happened to be receiving these emails.
  
  --
  Lost at C:>. Found at C.
26. Re:Good test. by _0xd0ad · 2011-09-09 06:37 · Score: 1
  
  No, not really. If you're a BCC'd recipient you wouldn't even be able to tell from the headers. All you'd see is a delivered-to header and obviously that has to be you since you received it. It's the RCPT TO field that determines who actually receives the e-mail, not the To, Cc, or Bcc headers (the Bcc header is stripped out anyway).
27. Re:Good test. by GNious · 2011-09-09 06:38 · Score: 1
  
  Those laws have to REALLY annoy GMail and News International
28. Re:Good test. by Chris+Mattern · 2011-09-09 06:41 · Score: 1
  
  If it has my address on it, how am I even supposed to know it's not for me before I open it?
29. Re:Good test. by nedlohs · 2011-09-09 06:43 · Score: 1
  
  If they addressed it to me i'm pretty sure it does - or am I supposed to use magical powers to determine I should open that piece of mail with my name and my address on it?
  This is not "Bob Smith at 12 Station St" getting mail addressed to "Bill Jones at 14 Station St" It is not even "Bob Smith at 12 Station St" getting mail addressed to "Bill Jones at 12 Station St". This is "Bob Smith at 12 Station St" getting mail addressed to "Bob Smith at 12 Station St".
  Sure the sender screwed up an actually meant to send it to Bill, but are you seriously saying Bob is going to be breaking the law by opening it.
  And that could happen with physical mail - it's not such a stretch to put the a letter in the wrong envelope. I'm sure someone somewhere has sent TIm's wedding invitation to Jane because they screwed up when putting 200 personalised invites into 200 addressed envelopes. Or a letter printer and envelope printer got out of sync in some automated setup.
30. Re:Good test. by duguk · 2011-09-09 06:49 · Score: 1
  
  Email doesn't follow most of the postal rules because of the relative infallibility of machines, thus most postal privacy laws don't apply.
  You're right - I agree entirely. But I wasn't the one who compared the email with postal services;
  I simply took issue with 'bmo' comparing the two when there ARE laws in the UK about opening post not to the addressee.
  
  I don't even believe the postal laws should apply to email; I believe the law should only come into effect where it's clear the 'typosquatted' domain is there for fraud.
31. Re:Good test. by nedlohs · 2011-09-09 06:52 · Score: 1
  
  With physical goods, like a book, I suspect they could legally demand the book be returned (although, who's going to hire a lawyer and go to court over a $10 book).
  I can suspect that all you want. You'd still be wrong.
  https://postalinspectors.uspis.gov/investigations/MailFraud/fraudschemes/othertypes/UnsolicitedFraud.aspx
  
  If it were something sufficiently valuable for it to be "worth it", though, they could probably demand it be returned. I mean, mailing something to you doesn't make you the 'owner' - netflix mails me DVDs, but I don't "own them", and must return them.
  You have an agreement with netflix before they sent them that you would return them. If netflix sent you some DVDs to someone who hadn't requested them out of the blue, then that person now owns those DVDs.
32. Re:Good test. by duguk · 2011-09-09 06:52 · Score: 1
  
  I should reasonably suspect her messages are not for me. I do get mail from people I don't know, it is rare but it does happen. I do not have any reason to assume any e-mail was not intended for me until I have opened the message and seen it's contents.
  In the case of the post (not that I believe it should apply, just that's what we're talking here); if the letter was addressed to your name and the address was incorrect, it would be a simple case of mistaken identity, and although probably illegal somehow - I'm sure it wouldn't be enforced.
  
  If you'd set up aple.com for the deliberate purpose of fraud, (like those in the article have) then you can "reasonably suspect the post has been incorrectly delivered".
33. Re:Good test. by duguk · 2011-09-09 06:55 · Score: 1
  
  No, not really. If you're a BCC'd recipient you wouldn't even be able to tell from the headers. All you'd see is a delivered-to header and obviously that has to be you since you received it. It's the RCPT TO field that determines who actually receives the e-mail, not the To, Cc, or Bcc headers (the Bcc header is stripped out anyway).
  Yes, BCC is another reason why the original comparison (from 'bmo') to post vs email is not a fair comparison; and why the laws (that really do exist in the UK) shouldn't apply to email.
34. Re:Good test. by Lucidus · 2011-09-09 06:56 · Score: 1
  
  U.S. postal regulations explicitly state that if you receive unsolicited goods in the mail, they are yours to do with as you wish - you have no obligation to the sender. The liability is always with the sender. This is to discourage certain obvious scams.
  If something is delivered to you which is clearly intended for someone else (i.e., right address, wrong name), things might get more complicated. I don't know the legalities in that case.
35. Re:Good test. by duguk · 2011-09-09 06:57 · Score: 1
  
  If it has my address on it, how am I even supposed to know it's not for me before I open it?
  Do you not have a name, Chris Mattern? =)
36. Re:Good test. by Darinbob · 2011-09-09 07:00 · Score: 1
  
  But it doesn't have your name on it, so you can't open it under the laws of many countries. You need more than just the address for it to be your, it must have address and name or say "occupant" or the like. There is also a test that courts would apply about whether it was reasonable for you to assume that it was intended for you or not. It's one thing to make an honest mistake, but if you are reading the previous tenant's post then you are on shaky legal grounds depending upon where you live.
37. Re:Good test. by amRadioHed · 2011-09-09 07:01 · Score: 1
  
  You don't seem to want to acknowledge the difference between incorrectly delivered and incorrectly addressed. If someone puts my address in the To field and it arrives in my inbox then it was correctly delivered. Whether they intended for me to receive the email or not is not relevant to the laws you referenced.
  
  --
  We hope your rules and wisdom choke you / Now we are one in everlasting peace
38. Re:Good test. by CBravo · 2011-09-09 07:01 · Score: 1
  
  I hear a new scam born... And you invented it. That means you are responsible for all damage that results, right?
  
  At least morally ;-)
  
  --
  nosig today
39. Re:Good test. by Darinbob · 2011-09-09 07:03 · Score: 1
  
  The name is a part of the address! If the letter says "Bob Smith" and you are not "Bob Smith" then it is NOT addressed to you even if the street address matches yours.
40. Re:Good test. by duguk · 2011-09-09 07:06 · Score: 1
  
  If they addressed it to me i'm pretty sure it does - or am I supposed to use magical powers to determine I should open that piece of mail with my name and my address on it?
  This is not "Bob Smith at 12 Station St" getting mail addressed to "Bill Jones at 14 Station St" It is not even "Bob Smith at 12 Station St" getting mail addressed to "Bill Jones at 12 Station St". This is "Bob Smith at 12 Station St" getting mail addressed to "Bob Smith at 12 Station St".
  Sure the sender screwed up an actually meant to send it to Bill, but are you seriously saying Bob is going to be breaking the law by opening it.
  And that could happen with physical mail - it's not such a stretch to put the a letter in the wrong envelope. I'm sure someone somewhere has sent TIm's wedding invitation to Jane because they screwed up when putting 200 personalised invites into 200 addressed envelopes. Or a letter printer and envelope printer got out of sync in some automated setup.
  You've made a few errors there. This is "12 Staton St" getting mail addressed to "Bob Smith at 12 Station St". It would be unfortunate in the postal system if the a duplicate name lived at the mistaken address. If there is a "Bob Smith" at the real address, it's unlikely, but surely it would be a "Reasonable Excuse" - as defined in the law you replied to.
  
  However, in this case, the fake "Bob Smith" has set up a house called "12 Staton St" and hoping people get the wrong address; and he isn't really even called "Bob Smith" at all. That's why the law states: "know or suspect to have been delivered incorrectly".
  
  The original argument from 'bmo' was "You get something unsolicited, and you are free to do with it whatever you choose. It's up to the sender to get the address right in all cases." - that's not the case for post in the UK.
  
  However - what works in the real world shouldn't always apply on the Internet...
41. Re:Good test. by duguk · 2011-09-09 07:09 · Score: 1
  
  You don't seem to want to acknowledge the difference between incorrectly delivered and incorrectly addressed. If someone puts my address in the To field and it arrives in my inbox then it was correctly delivered. Whether they intended for me to receive the email or not is not relevant to the laws you referenced.
  If we're going to take the Post metaphor so seriously; presumably if it's in your inbox - but clearly not for you; then you cannot open it since 'Post cannot be opened if someone knows or reasonably suspects the post has been incorrectly delivered.'.
  
  However, of course, if you aren't sure if it is for you; then that would likely be a 'reasonable excuse' to open it under the law.
  Presumably once you have opened it and realised it is not for you, you would follow the boilerplate and delete the message.
  
  Seriously, I'm not condoning that these laws should apply to email - but if we are going to make a comparison, at least get your facts right.
42. Re:Good test. by amRadioHed · 2011-09-09 07:26 · Score: 1
  
  There you go again. If it has my address then it's not incorrectly delivered. What is it about that you don't get?
  
  --
  We hope your rules and wisdom choke you / Now we are one in everlasting peace
43. Re:Good test. by nedlohs · 2011-09-09 07:41 · Score: 1
  
  I was only respinding to this part:
  
  just because my bank sent my bank statement to your house by accident, that does not give you the right to read or open it (at least not via post in the UK)
  Which has nothing to do with email and domain squatting and so on.
  If my name is Bill Smith and I live at 12 Station St and your bank decides to send your bank statement to me addressed as:
  Bill Smith
  12 Station St.
  Then surely it can not be against the law for me open the letter? How do I know it isn't for me before I open it?
44. Re:Good test. by shentino · 2011-09-09 07:54 · Score: 1
  
  Or giving Satan an EULA when he comes to collect your soul.
45. Re:Good test. by Miseph · 2011-09-09 08:06 · Score: 1
  
  It was delivered to a person other than the recipient. That means it was incorrectly delivered. Whether it was incorrectly delivered because the person who addressed it made a mistake or because the person who delivered it made a mistake is immaterial to the fact that it was not delivered to the right person.
  Furthermore, the rules in question belong to a legal system which is explicitly designed to handle such questions and come to meaningful answers based on the details of precisely what happened. You may believe that opening mail addressed to a person who shares a name with your next door neighbor at your address is within your rights, but if a judge and/or jury do not agree with your reading of the law that will trump any and all nitpicking and semantics.
  
  --
  Try not to take me more seriously than I take myself.
46. Re:Good test. by Chris+Mattern · 2011-09-09 08:08 · Score: 1
  
  Ding ding ding! We have a winner!
47. Re:Good test. by tomhudson · 2011-09-09 08:26 · Score: 1
  
  No, they can't. A publisher sent me an unsolicited book, based on a mailing list that I would be a likely sucker. I kept the book, tossed out the invoice. Legally, the book is mine, and I have no legal obligation to either pay for it or return it.
  Your netflix example is silly - you have an agreement to lease the DVDs with them.
  Sending it to a mistaken address is a different story as well.
  But sending unsolicited material to the RIGHT recipient transfers ownership, plain and simple.
48. Re:Good test. by PoopCat · 2011-09-09 08:29 · Score: 1
  
  WTFety-F? How can an email be delivered to a person other than the recipient? The recipient is exactly who the email was delivered to, that's the very definition. I'll spare you further embarrassment and presume you meant 'intended recipient' - but in that case, how can the *actual* recipient know what was going through the mind of the sender, based solely on the fact that the email APPEARED IN HIS OR HER MAILBOX?
49. Re:Good test. by idontgno · 2011-09-09 08:45 · Score: 1
  
  Yes, BCC is another reason why the original comparison (from 'bmo') to post vs email is not a fair comparison; and why the laws (that really do exist in the UK) shouldn't apply to email.
  Of course it can apply to email. Trivial technical differences can be swept away with cracking good courtroom theatrics and a friendly judge. I'm sure Crown Prosecution considers it merely a brisk challenge, not some kind of crippling and disqualifying shortcoming in the law.
  Any law is applicable to any act if you're willing to squint enough.
  
  --
  Welcome to the Panopticon. Used to be a prison, now it's your home.
50. Re:Good test. by idontgno · 2011-09-09 08:50 · Score: 1
  
  Hey! You must work for my company!
  TBH, I'm waiting for a directive to come down from our Green Compliance Weasel Team to font switch colors in that boilerplate "sustainability" blurb because we're exhausting the world's supply of green photons or something.
  
  --
  Welcome to the Panopticon. Used to be a prison, now it's your home.
51. Re:Good test. by shentino · 2011-09-09 09:03 · Score: 1
  
  They are not completely useless.
  First of all they put you on notice that the contents are confidential, and zap any pretention that the person sending has granted express consent.
  So they function more as evidence and notice than they do as a binding agreement.
52. Re:Good test. by duguk · 2011-09-09 09:10 · Score: 1
  
  While I'll agree the 'envelope' was correct - it was delivered to the correct address; the person who it was delivered to was not the recipient.
  I do not think that word means what you think it means.
  By definition, if something is addressed to you and you get it, then you are the "recipient". It does not matter what the thing is that you received, or why you received it. And, even the UK law you quote agrees with this definition, and gives only examples of when the mail is "addressed to someone else". This law is the US is similar. For example, the Post Office even made ads about how receiving something by mail that you did not request doesn't make you obligated to pay for it, because scammers were sending unrequested items via the mail and enclosing bills, then suing for non-payment.
  That's irrelevant. I can't (literally nor legally) start a fake company with the same address as another, without it being unlawful to open their post.
  
  I.e. it may have been delivered to your letterbox, but that doesn't mean you can legally open a letter from the bank that's addressed to your parents from the comfort of your basement.
53. Re:Good test. by duguk · 2011-09-09 09:17 · Score: 1
  
  WTFety-F? How can an email be delivered to a person other than the recipient? The recipient is exactly who the email was delivered to, that's the very definition. I'll spare you further embarrassment and presume you meant 'intended recipient' - but in that case, how can the *actual* recipient know what was going through the mind of the sender, based solely on the fact that the email APPEARED IN HIS OR HER MAILBOX?
  Seriously? I was making a comparison to the post office; because that's how the conversation started. Go back to the beginning of the thread and you might not feel so angry.
  
  For example, if this were to apply to the mail; if for example you have a wildcarded email, and you receive that is not addressed to your normal email address and with a different name would imply that it is not for you. Thankfully there is a fairly clear part of the law that speaks of "reasonable excuse". An identical name or insufficient information would be an example of this.
  
  However, setting up a fake domain name that is similarly named to another, under the UK law, you could be fairly sure that you "reasonably suspect the post has been incorrectly delivered" and therefore opening it (under the UK law) would be illegal...
  
  I'm not saying I agree with the law; but BMO (above) said "You get something unsolicited, and you are free to do with it whatever you choose. It's up to the sender to get the address right in all cases." - that's not true under the UK law. If you receive a bank statement with someone else's name on it, it almost certainly wouldn't be lawful to open it.
  
  Hope we're clear on that now.
54. Re:Good test. by duguk · 2011-09-09 09:21 · Score: 1
  
  Well the servers arn't making the mistake...
  I'm sure it's not the customers' mistake when the bank sends their statement to the wrong address.
  That doesn't mean you can legally open it if it's clear you "know or suspect to have been delivered incorrectly" under the UK postal law.
  
  The law doesn't explain what those indications might be, but if we're going to apply the UK postal law to email; these are considerations that should be made.
55. Re:Good test. by tomhudson · 2011-09-09 09:24 · Score: 1
  
  Except that any disclosure to a 3rd party, even by accident (the sole exception being if the 3rd party gained the knowledge through criminal action), makes the contents and knowledge gained public wrt that 3rd party.
  So don't count on them for keeping trade secrets, for example, private.
56. Re:Good test. by trum4n · 2011-09-09 09:31 · Score: 1
  
  But 90% of users cant figure out who email is to, without opening it.
57. Re:Good test. by Medievalist · 2011-09-09 09:33 · Score: 1
  
  But it doesn't have your name on it
  Yes it does. All the mis-sent email I get all has my name and my address on it. Otherwise it would not have been delivered to me.
58. Re:Good test. by Synerg1y · 2011-09-09 09:33 · Score: 1
  
  it is legal for me to own gogle.com anywhere if it's not registered, google can't take it from me by any means, if you (the user) goes to gogle.com, google will count it as a legitimate hit, but what actually happens when you go to gogle.com? :) Exactly, google owns it, among a hord of other commonly misspelled variants of google and its services. This is called intelligence and wise investing in IT infrastructure. The company that owns a domain such as @sony.com should also own @osny.com, @soyn.com, etc... not like these domains cost a fortune compared to the hits they generate / in this case information they save. Can everybody afford to this? Hell no, can all the fortune 500 companies afford to do this? They spend more on bonuses per department, so yes, easily.
  On that note, I've never heard of an experiment like this, I've heard of shadow domains to try and steal information, ex. gogle.com looks EXACTLY like google.com but is actually redirecting you to some crazy sites. Maybe this might be the wake up call needed for those IT departments, shame those domain names are already bought :P
59. Re:Good test. by duguk · 2011-09-09 09:37 · Score: 1
  
  I was only respinding to this part:
  
  just because my bank sent my bank statement to your house by accident, that does not give you the right to read or open it (at least not via post in the UK)
  Which has nothing to do with email and domain squatting and so on.
  If my name is Bill Smith and I live at 12 Station St and your bank decides to send your bank statement to me addressed as:
  Bill Smith 12 Station St.
  Then surely it can not be against the law for me open the letter? How do I know it isn't for me before I open it?
  That's what I'm saying - if my name is Bill Smith and you cannot possibly "know or suspect to have been delivered incorrectly", then surely you opening it to find out would be considered a "reasonable excuse" under the law, no?
60. Re:Good test. by bmo · 2011-09-09 09:47 · Score: 1
  
  But it's not addressed to someone else.
  I call myself Bob. If someone sends mail to me addressed to Bob at Anytown, USA, and they really meant to send it to Alice at Anytown, USA, it doesn't matter who it was "meant for" - the outside of the envelope clearly says "Bob Anytown, USA"
  I fucking own it. Go ahead, try to sue me.
  --
  BMO
61. Re:Good test. by mlts · 2011-09-09 13:27 · Score: 1
  
  I know this is might be a dumb idea, but instead of relying on a dubious disclaimer, why don't companies encourage internal employees and partners to use S/MIME, or even better PGP encryption?
  PGP can be used with ADKs (additional decryption keys) to ensure recovering of data (important for regulations and legal compliance.) S/MIME can be used, although it might be less secure if you don't watch your CAs. Almost all general purpose MUAs support S/MIME and have some type of plug-in for PGP/gpg. Even the mailer in iOS 5 has S/MIME key support. Barring that, it isn't too tough to copy and paste text to a PGP decoder.
  With PGP, gpg, or S/MIME, if a message gets delivered to the wrong person, unless the mis-addressed party has the resources of a country intelligence department, it really doesn't matter.
  Why isn't encryption more prevalent these days?
62. Re:Good test. by reub2000 · 2011-09-09 14:14 · Score: 1
  
  Well if you register a domain like hotmsil.com, most people would assume that mail being sent there was intended for addresses ending in hotmail.com.
63. Re:Good test. by duguk · 2011-09-09 16:10 · Score: 1
  
  I would like to note that it state opened. Since an e-mail is data it can be read directly without being 'opened'. The only protection that is available to them is if it's encrypted. Here in the us that would make it illegal to decrypt under the DMCA, with a few exceptions. I believe the EU has a similar law that would protect encrypted e-mails as well.
  That's irrelevant - the original post was about applying the postal laws to email. If these domain squatters 'knows or reasonably suspects the post has been incorrectly delivered'; then if we were to apply these laws to domains and email - it would be illegal. Encryption is entirely irrelevant.
64. Re:Good test. by adolf · 2011-09-09 18:45 · Score: 1
  
  It appears that many British are just idiots.
  There. Fixed that for you.
  
  --
  Kid-proof tablet..
65. Re:Good test. by tomhudson · 2011-09-10 04:55 · Score: 1
  
  To answer your last question "Why isn't encryption more prevalent these days", it's because it's not integrated into the individual services - people have to *THINK*, and thinking is hard. Plus, they don't realize that there is a problem in the first place.
  
  Barring that, it isn't too tough to copy and paste text to a PGP decoder.
  
  For the majority of the population, yes, it IS too tough. We're talking about users who are, in some many cases, barely over the "the coffee cup holder in my computer is broken" level. When you ask them to type a web site address in the url bar, they type it into the search box instead - and keep complaining that they can't find the newly-registered domain, because even though it's been propagated for 3 days, Google hasn't found it yet (this last was from a programmer who has since stopped programming, thank $DIETY_OR_DARWIN_PICK_YOUR_POISON).
  Look at how many businesses are using Google Docs to store their company data, internal communications, etc., outside their control. And using gmail for stuff that should be private. When you think of it. that's insane ... totally gonzo.
  I for one am sick of the whole "if you have nothing to hide" lame excuse for turning me into a product to be sold to advertisers. I am *not* a product. I am *not* a number. I am *not* a statistic to be sliced and diced and analyzed and fed the thin gruel that passes for "what's hot today." A few of us started discussing solutions to this in one of my journal entries yesterday here. Please feel free to throw bricks as needed :-)
66. Re:Good test. by mlts · 2011-09-10 08:35 · Score: 1
  
  I agree 100%. The "if you have nothing to hide" BS rings hollow as soon as you replace "law enforcement" with "thieves". When I send out a signed/encrypted statement to a client via PGP, it is encrypted not to keep the po-po out, but to keep who may be listening on the line off, be it a dodgy wi-fi spot, or somewhere along the line things got compromised, such as a compromised CA.
  Same reason I lock my doors. Let other people make it easy for the criminal element to victimize them.
  What people fail to realize with the cloud concept is that some data center somewhere has to store the data, and that cost is going to be passed onto someone. Storing a company's assets on Google Docs means that blackhats have more eggs in one basket, and if Sony (which was known for hyper-aggressive legal action against anyone who appeared to crack any of their security measures) was completely owned, then anyone can be taken over. Keeping one's data at home means that a cracker now has to choose targets, as opposed to just spending time going after the big juicy one.
  Basic security 101 states to keep things separate as much as possible. With cloud computing, businesses and individuals are encouraged to do the diametric opposite -- store everything in one location.
  What people don't realize is that the info that they willingly give out may be what hangs them later on in life. Say their local government decides to go on a "proactive anti-terrorist campaign", does a search on FB for people who like a certain group or philosophy. By simple weighting of statements and then a subsequent sending out of police to do knocks on doors, those people can be removed from society in minutes.
  On a longer term scale, what goes onto FB will affect job prospects later. For example companies who riffle through FB profiles and look for terms that are potentially racist, then stamp "UNHIRABLE" on people's foreheads. Even with FB stuff set private, it isn't hard for employers to demand friend access, and recently, a friend of mine had in the employment contract that hiding messages from the employer's "friend" account was grounds for immediate termination.
  E-mails are a treasure trove too. Even more insidious is that people are wising up that Facebook is public, and not to post there. However the same data mining can be done to mail as well. A repressive government can find a person of interest, then check who emails to/from and what the contents are. Then it is trivial to send a couple people to pick up that person and introduce them to room 101.
  One doesn't have to be paranoid about it -- one doesn't have to have a version of PGP predating a certain day in 1994, and Symantec's PGP utility is what I use if on Windows for pure convenience sake. However, it would be nice if people just started encrypting what they said to private keys, although signing before encryption would add a layer of security and prevent fake mail.
  Maybe it might be time for some more PGP/gpg tools to make life easier as well. PGP/gpg keyserver code needs a facelift, and better options for replicating keys, as well as allowing keys to be marked as revoked if signed revokers say so, as well as giving notice about ADKs used.
  Of course, having more MUAs support OpenPGP stuff directly would be nice, as opposed to having to cut/paste, or use Hushmail's web page for decryption of stuff if one doesn't have access to a PGP app.
67. Re:Good test. by lsatenstein · 2011-09-10 11:43 · Score: 1
  
  There is a difference between paypal.org and paypall.org
  Which is the correct URL?
  
  --
  Leslie Satenstein Montreal Quebec Canada
68. Re:Good test. by AK+Marc · 2011-09-10 19:54 · Score: 1
  
  In New Zealand, it's fraud to use money that wasn't intended for you, even if it made it into account on error of the sender. So if someone "accidentally" transfers $1,000,000 into your account, you commit a felony if you take it out and spend it. So you are wrong.
  
  --
  Learn to love Alaska
69. Re:Good test. by WindShadow · 2011-09-12 03:17 · Score: 1
  
  Not true, at least in the UK:
  
  Interfering with mail - Postal Services Act 2000 Section 84 Triable Summarily (Magistrates court) 6 Months and or a fine (Max) A person commits an offence if they without reasonable excuse intentionally delay or open a postal packet in the course of transmission by post or intentionally opens a mail bag. A person commits an offence if, intending to act to a person's detriment and without reasonable excuse, opens a postal packet which they know or suspect to have been delivered incorrectly.
  And there's the rub, if the mail is delivered as addressed, can it be said to be delivered incorrectly? This is why lawyers exist, to convince a judge or jury that what the law says is not what it means.
  
  If you work for the Post service you could commit other offences under Section 83 triable either way (Magistrates or Crown court) and get a sentence of 2 years and or a fine.
70. Re:Good test. by PoopCat · 2011-09-12 04:15 · Score: 1
  
  The recipient is the person who received the transmission, be it via physical or electronic delivery. THAT was the part I was responding to; giving you the benefit of the doubt by assuming you might have meant "intended recipient" was mere charity on my part, since you seemed to have trouble with the concept of "recipient". No anger, I assure you.
  
  In case you're still not clear: if an email appears in my inbox, I am the recipient. If a postcard appears in my physical mail box, I am the recipient. In both cases, regardless of the intent of the sender.
71. Re:Good test. by PoopCat · 2011-09-12 04:20 · Score: 1
  
  What if the domain is hotmale.com?
  
  Who is this "most people" of which you speak?
72. Re:Good test. by Medievalist · 2011-09-12 10:04 · Score: 1
  
  All the mail I get is addressed to me. It has my name on it, my address on it. It has my name in the SMTP envelope, it has my name in the salutation, it has my name in the "To:" field.
  The lusrs that sent it typed in the wrong address, but the person they wanted to send it to has the same name I do. Capisce?
  Human names are not reliably unique.
NO TYPING! by ColdWetDog · 2011-09-09 05:04 · Score: 1, Funny

The attacker relies on the fact that users will always mistype a certain percentage of e-mails they send.
Who is doing this? Who types email addresses and doesn't use a contacts list or similar?
I suppose this is Window's fault but typing is so 20th Century....

--
Faster! Faster! Faster would be better!
1. Re:NO TYPING! by ArrowBay · 2011-09-09 05:25 · Score: 1
  
  True, contact lists and autocomplete should eliminate this... in theory.
  In practice, there are legitimate holes in the system. Maybe you fatfinger the address when sending from your smartphone, where you can't access your contact list. Or maybe a colleague or client mistypes the address in an e-mail to multiple people, and then you simply "reply all" not realizing that address was wrong -- which sends the mail to the wrong address, but also gets your e-mail software to assume that's a valid address to add to your contact list.
  It also has nothing to do with Windows, unless Microsoft is more omnipowerful than I thought...
  
  --
  Domains, shared and dedicated hosting, SSL certs, and more: ArrowBay.net
2. Re:NO TYPING! by jeffmeden · 2011-09-09 05:25 · Score: 1
  
  Any sufficiently advanced operating system would have known who you meant to email and automatically routed the message regardless of your inability to type "landolakes.com" without making a mistake. Duh.
3. Re:NO TYPING! by phallstrom · 2011-09-09 05:32 · Score: 1
  
  You have to type it in the first time -- unless they sent you an email. So.... type it in wrong. Send off an email. Oops. Now it's in your mail app's magical "previous recipients" list. Update your official contact list. Send them another email. But your mail app decides to use the previous recipient entry since it's "more recent" (or whatever) than your official contact entry. Unless you click on the person's name to verify the updated address you'll never know and another misdirected email is sent.
  In my experience a much bigger problem is folks who deal with a lot of third party contacts... John Smith at CompanyA and John Smyth at CompanyB. The user starts typing "John" and lets it auto complete. Maybe they even see the first "Sm" and assume it's good. And off the email goes to the wrong people. When I worked in IT I'd get frantic calls from people asking if I could stop an email from going out because they'd realize it just after sending it...
4. Re:NO TYPING! by SleazyRidr · 2011-09-09 05:47 · Score: 1
  
  When you're working with someone from a different company, they won't be in your company's address book, so you have to type it in at least once to get it into your personal address book. If your company manages it well, that'll go into the corporate address book, but you'll still need to add people from other companies from time to time.
  
  --
  Is 1563649 a prime number?
5. Re:NO TYPING! by Nethemas+the+Great · 2011-09-09 05:55 · Score: 1
  
  Actually it might be Window's fault for your preconceptions however it isn't for the email. Properly interpreting a noisy communication of an email address would be the responsibility of the email client application not the OS, for the OS has no business dealing with such high level issues.
  
  --
  Two of my imaginary friends reproduced once ... with negative results.
6. Re:NO TYPING! by Nethemas+the+Great · 2011-09-09 05:59 · Score: 1
  
  There's also the good fun of these contact lists being created on the spot by means of "first entry". If you entered it in wrong the first time there will be a contact entry made with the wrong address. Any future emails will have a far greater chance of auto-correcting to the incorrect address and all it takes is a person not paying attention to send it off as such.
  
  --
  Two of my imaginary friends reproduced once ... with negative results.
7. Re:NO TYPING! by Reverand+Dave · 2011-09-09 06:06 · Score: 1
  
  Totally 20th century. Personally, I only use eye movements and slight neck twitches for e-mail inputs. In fact, this post is composed solely of copied and pasted letters and characters.
  
  --
  I got here through a series of tubes
8. Re:NO TYPING! by bigredradio · 2011-09-09 06:12 · Score: 1
  
  You must be new here.
  
  --
  Flexible bare-metal recovery for Linux/UNIX
9. Re:NO TYPING! by Darinbob · 2011-09-09 07:04 · Score: 1
  
  You don't type? How did you compose your post?
10. Re:NO TYPING! by shentino · 2011-09-09 09:08 · Score: 1
  
  Only problem is that a system smart enough to do that is also a system I wouldn't trust because I know the government may wish to have subverted it.
11. Re:NO TYPING! by icebraining · 2011-09-09 11:23 · Score: 1
  
  If you have a data plan (well, you can send emails) and you don't have 'access' to your contact list, you're doing it wrong. Even my older-than-the-iphone Nokia S60 phone can sync contacts.
  
  --
  Dilbert RSS feed
12. Re:NO TYPING! by guruevi · 2011-09-09 15:53 · Score: 1
  
  Well, the problem with contact lists (in large companies at least) is that they are maintained by secretaries. If somebody then makes the mistake of typing seibm.com instead of se.ibm.com, EVERYBODY sends the wrong e-mail for hours if not days until it gets discovered.
  
  --
  Custom electronics and digital signage for your business: www.evcircuits.com
13. Re:NO TYPING! by h4lphl33tor · 2011-09-09 18:54 · Score: 1
  
  Strange, they should only have gotten negative results if they had multiplied.
  
  --
  
  l/2
  Truly challenging Sudoku puzzles
So what is this an argument for? by JoshuaZ · 2011-09-09 05:04 · Score: 1

One obvious lesson for this is that using email systems that have autocompletes for addresses you've already used or have had replies from is obviously important. A lot of modern software does this although some does not (my university's default webmail application doesn't for example although gmail does). Another more technical response to this is for people to use public key encryption when they are sending sensitive stuff. There's still some danger that they will at some point look up the public key but this will at least reduce problems. And there are obvious ways of distributing a lot of these keys in a secure fashion. For example, when you go to a bank to open a new account they could hand you a physical USB with their public key on it. Similarly, if one is an employee of a company they could physically do the same thing. One has enough real world interactions with people in the sort of circumstances described by the researchers that the thorny problems of key distribution are much simpler. However, I doubt almost anyone will implement this sort of thing since it is a change from the status quo which involves new technology to prevent what they may see as minor risks.
1. Re:So what is this an argument for? by SuricouRaven · 2011-09-09 05:11 · Score: 1
  
  The whole point of a public key is that it's public. The bank doesn't need to give you the key on a USB stick - they can just put it on their website. If someone actually tries to impersonate a bank website, then you can let loose the lawyers of war.
2. Re:So what is this an argument for? by jeffmeden · 2011-09-09 05:30 · Score: 1
  
  One obvious lesson for this is that using email systems that have autocompletes for addresses you've already used or have had replies from is obviously important. A lot of modern software does this although some does not (my university's default webmail application doesn't for example although gmail does).
  
  Don't forget the very real problem of someone's self-configured email client putting the wrong return address on everything. Although they "should" catch it quite quickly as they see a distinct lack of responses to any emails they sent out, it might not be enough for some people. More strict send rules for all values in the email header could probably eliminate 99% of this traffic from ever happening. Just set the server up to read the recipient, check for similar domains, and weight the domains by "legitimacy" (should be easy in most cases) and if there is a domain with a higher legitimacy than the one used rating the email is queued and the sender gets a note saying that they need to check the recipient and if they really meant to use that address they can click a link to send it on, and if not click a different link and it will be sent to the right domain.
  Its not perfect, but the right algorithm could catch a whole lot of this with minimal effort. Come to think of it, I smell a patent...
3. Re:So what is this an argument for? by JoshuaZ · 2011-09-09 05:37 · Score: 1
  
  That's a really good idea. And it shouldn't be that hard to implement. You could possibly have the software update for new companies. I like your idea a lot.
4. Re:So what is this an argument for? by XanC · 2011-09-09 05:47 · Score: 1
  
  Don't be so sure... One of our customers has her reply-to address set to an address pointing to a mailbox she never checks. She tells you her email address is X, and she does get mail addressed to X. But her emails come "from" (and "reply-to") Y. Y happily accepts mail, so there's no bounce or anything, it's just that it's a totally unused box at a no-longer-used domain.
  She doesn't seem to think this is a problem...
5. Re:So what is this an argument for? by Chris+Mattern · 2011-09-09 06:22 · Score: 1
  
  One obvious lesson for this is that using email systems that have autocompletes for addresses you've already used or have had replies from is obviously important.
  Another obvious lesson is that once you've sent mail to wrong address, autocomplete will helpfully fill in that wrong address next time.
6. Re:So what is this an argument for? by jackbird · 2011-09-09 06:39 · Score: 1
  
  AOL's webmail autocompletes EVERYTHING YOU'VE EVER TYPED that matches, including truncated and nonresolving email addresses. You have to manually dig into options and delete the duplicate/false 'contacts.'
This is not new by arunce · 2011-09-09 05:04 · Score: 1

Even I receive once and again this kind of emails, legitimate emails and almost all from the same people, once they make one mistake, more will follow. Sometimes I warn, sometimes I don't. I'm not their employee.
Common problem... by drosboro · 2011-09-09 05:05 · Score: 1

I get the same situation. I've got a ".ca" with my last name, and a Canadian lawyer with the same last name has the ".com". I get a bunch of their email on my "catch-all", which is awkward, given the confidential nature of things you may discuss via email with your lawyer.
1. Re:Common problem... by Abstrackt · 2011-09-09 05:40 · Score: 1
  
  To date, I've only met one lawyer who encrypted legal communications. You think it would be more commonplace than it is for exactly the reason you described.
  
  --
  They say a little knowledge is a dangerous thing, but it's not one half so bad as a lot of ignorance. - Terry Pratchett
2. Re:Common problem... by Fnord666 · 2011-09-09 05:44 · Score: 1
  
  Confidential things? Over email? Is this 1983?
  Doesn't matter. There will always be failures in any manual process. About once a week I get multi-page faxes to my home phone number, destined for law firms in my home town, that contain confidential information. In those cases I contact the firm and forward the information to them in whatever manner they ask, then destroy my copy. Funny thing is that in most cases, the real fax number isn't even close.
  
  --
  'The tyrant will always find pretext for his tyranny.' - Aesop's Fables
3. Re:Common problem... by Culture20 · 2011-09-09 05:49 · Score: 1
  
  If you *think* you're conversing with your lawyer, but it's really someone else, is it still privileged info?
4. Re:Common problem... by psydeshow · 2011-09-09 05:54 · Score: 1
  
  Anyone who can come up with a way to sign and encrypt email that makes sense to lawyers (my lawyer still uses AOL!) will make a helluva lot of money.
  They should have been doing it ten years ago. It should be illegal to send attoney-client privileged emails in plaintext. But guess who makes the laws?
5. Re:Common problem... by Bob+the+Super+Hamste · 2011-09-09 06:13 · Score: 1
  
  Have you ever tried contacting the lawyer suggesting that he use encryption. As you are in Canada and the lawyer is in the US you wouldn't be subject to the US laws. I have actually had a similar problem but where people try to send me thing but it goes to a different person in the company. Apparently there is another person with the same first and last name as mine in the company but they are over in England. If I ever get a chance to go over to England I may have to look him up. Every once in a great while I get some of his e-mail because someone selected the wrong one of us from the world wide address book.
  
  --
  Time to offend someone
6. Re:Common problem... by WorBlux · 2011-09-09 06:17 · Score: 1
  
  Yes, it it's addressed to the lawyer, but thats not to say how it might be used out of court.
7. Re:Common problem... by WorBlux · 2011-09-09 06:19 · Score: 1
  
  You can use imap to pull mail in from yahoo to his computer, and use any sane mail client with will encrypt outgoing mail (PGP extensions). Instruct clients to do the same or use hushmail (which does PGP automatically)
8. Re:Common problem... by drosboro · 2011-09-09 07:45 · Score: 1
  
  Actually, both I and the lawyer are in Canada (ironically, their offices are about a 10 minute drive from my house). And I have contacted them - spoken to one of their lawyers in person, actually, when my realtor used them to execute my paperwork when I bought my house... but, as other commenters have pointed out, they aren't too quick on the uptake with things like PGP...
9. Re:Common problem... by Imrik · 2011-09-09 09:46 · Score: 1
  
  Most likely it's because there is little incentive to use encryption. While there is the potential for public release, any supposedly private communications with your lawyer are subject to legal protections and can't be used in court.
10. Re:Common problem... by MichaelSmith · 2011-09-09 12:14 · Score: 1
  
  Perhaps you've heard of this thing called PGP, which more or less every mailer supports.
  Not Outlook.
  
  --
  http://michaelsmith.id.au
Large firms to monitor domain registrations by PolygamousRanchKid+ · 2011-09-09 05:08 · Score: 1

From TFA:

Kim said that out of the 30 doppelganger domains they set up, only one company noticed when they registered the domain and came after them threatening a lawsuit unless they released ownership of it, which they did.
I guess a domain registration police department will become common in large firms now.

--
Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
1. Re:Large firms to monitor domain registrations by Monchanger · 2011-09-09 05:35 · Score: 1
  
  I guess a domain registration police department will become common in large firms now.
  That's been a good idea since companies first started building a web presence. It's part of your brand and you want to make it's not tarnished. It should be one of the responsibilities of a corporate IT security department alongside encrypting laptops and intrusion detection.
  Probably cheaper to outsource at least the detection part to a company who specializes in exactly that thing. I'd be surprised to hear no company provides such a service by now; especially registrars who deal with domain names 24x7 and certificate authorities who rely on domain name accuracy for security.
2. Re:Large firms to monitor domain registrations by blair1q · 2011-09-09 06:44 · Score: 1
  
  two things about it, though:
  1. getting all of the typo-domains near your trademark can be expensive or impossible
  2. if any are legitimate, you're just going to have to negotiate with them for what to do with missent emails
3. Re:Large firms to monitor domain registrations by Jeng · 2011-09-09 06:52 · Score: 1
  
  At my work we have people sending stuff to a similar domain on a regular basis. We have info@*****inc.com while his is info@*****.com , the owner of the domain is nice enough to forward on the emails at least.
  
  --
  Don't know something? Look it up. Still don't know? Then ask.
I own a domain name by rk · 2011-09-09 05:08 · Score: 1

That has a similarity in name to one of the US Navy's aircraft carriers. I used to get a fair amount of email for people on that ship. Nothing classified (I would've been really disappointed and shocked, but probably not surprised), but there was one sailor in particular who must've had quite a taste for porn because that address got so much porn spam it was amazing.
1. Re:I own a domain name by chinton · 2011-09-09 05:13 · Score: 1
  
  You're right, there is only one sailor with a taste for porn... ;-)
2. Re:I own a domain name by blair1q · 2011-09-09 06:46 · Score: 1
  
  The number with a taste for it is enormous. The number who don't know they can be disciplined for using the ship's internet connection to obtain it is closer to 1.
  In other news, Navy ships have internet connections. Not gob-smacking, but pretty cool.
3. Re:I own a domain name by nine-times · 2011-09-09 06:46 · Score: 1
  
  You would have been shocked but not surprised?
Stolen email? by bmo · 2011-09-09 05:13 · Score: 4, Insightful

No mail was stolen. It was delivered exactly where it was addresst.
It's the fault of the monkey behind the keyboard and nobody else.
--
BMO
1. Re:Stolen email? by Kreylix · 2011-09-09 05:28 · Score: 1
  
  Making the title of this post extremely poor.
2. Re:Stolen email? by Trax3001BBS · 2011-09-09 06:04 · Score: 1
  
  Your right. I was going to ask why these Researcher's weren't being charged,
  but they did nothing wrong.
3. Re:Stolen email? by Jeng · 2011-09-09 06:39 · Score: 1
  
  They may not have broken any laws, that remains to be seen. However, it's clear what they did was unethical and they did not act in good faith. They knowingly attempted to receive misaddressed e-mails. That's not ethical behavior.
  
  They were attempting to quantify how much a problem this is. Can you suggest other ways this could have been done that you think would have been more ethical?
  
  --
  Don't know something? Look it up. Still don't know? Then ask.
4. Re:Stolen email? by Darinbob · 2011-09-09 07:09 · Score: 1
  
  But the recipient was fraudulently pretending to be someone else. This is not a case of accidentally having a similar email address, instead the domains were created specifically to intercept misaddressed email. The con man should be considered guilty and not blame it solely on a naive victim.
5. Re:Stolen email? by bmo · 2011-09-09 09:14 · Score: 1
  
  >But the recipient was fraudulently pretending to be someone else
  Nope. Nobody was representing themselves as "important.institution.com," they were representing themselves as "important.insttution.com"
  It's the old whitehouse.gov/whitehouse.com "problem."
  Even the US government couldn't make whitehouse.com change their name.
  --
  BMO
6. Re:Stolen email? by bmo · 2011-09-09 09:42 · Score: 1
  
  I have to append this. The only way to get someone to change his/her domain is trademark law and icann dispute resolution.
  If it's not dispute resolution through icann, then there's no changing it.
  --
  BMO
This is why I turned off my catch-all by Quila · 2011-09-09 05:14 · Score: 1

My domain is a letter off from a big company's, and I used to get what looked like pretty sensitive email all the time. After a few attempts to tell employees to stop doing it, I just turned off the catch-all.
1. Re:This is why I turned off my catch-all by Animats · 2011-09-09 05:40 · Score: 1
  
  Me too. I have a .com domain which is the same as a school domain in .co.uk. I used to get a fair amount of their mail, until I turned off the catch-all address.
  (That was years ago. Today, if you have a catch-all address, you get to see the same spams come in for a long list of common names.)
2. Re:This is why I turned off my catch-all by laejoh · 2011-09-09 07:15 · Score: 1
  
  That's exactly why I have a xxx domain!
Re:People are dumb, so... by tomhudson · 2011-09-09 05:18 · Score: 1

1. Enable catch-all email accounts on all domains you own
2. ...
3. PROFIT!
20 gigs sounds like a lot, but since these were corporations, you can expect that a lot of them were huge Microsoft Word attachments with one-liners like "Peter: Remember to complete your TPS report by Friday." and equally vacuous Powerpoint slide decks. And people trying to email DVDs. And pr0n - lots of pr0n, if it was government employees.
This reminds me by ThatsNotPudding · 2011-09-09 05:19 · Score: 1

must check if Slashdot.xxx is still available.

Hmm, on second thought, no one would ever go there.
1. Re:This reminds me by blair1q · 2011-09-09 06:47 · Score: 1
  
  They will if I squat on Slashdot.Com at the right time...
Self funding research by RNLockwood · 2011-09-09 05:19 · Score: 1

"The intercepted correspondence included employee usernames and passwords, sensitive security information about the configuration of corporate network architecture that would be useful to hackers, affidavits and other documents related to litigation in which the companies were embroiled, and trade secrets, such as contracts for business transactions."
I wondered how they could pay for their research in this era of vastly reduced funding - it's self funding!

--
Nate
1. Re:Self funding research by Riceballsan · 2011-09-09 05:29 · Score: 3, Interesting
  
  Better question, why are high end companies sending top secrete confidential data over normal unencrypted e-mail. Even your bottom of the line MMORPG sends a note to it's users saying a GM will never ask for or send your password via e-mail, but our fortune 500 companies can't match that level of security? Typical e-mail passes unencrypted past so many hands it isn't funny, the typical e-mail from home to work, passes unencrypted across a wifi network, that may or may not be compromised if it was even bothered to be secured, to your ISP where low wage monkeys may or may not have access, accross the cloud where it will pass through unknown number of nodes, to the entery mailservers at said company, that may or may not be managed by medium wage contractors that know they only have the job for a few months at best anyway, finally to the person who it is intended to go to. Yeah I see no reason to think twice before sending my SSN CC# and confidential data through an e-mail.
2. Re:Self funding research by blueg3 · 2011-09-09 06:19 · Score: 1
  
  Better question, why do email applications default to sending unencrypted e-mail in the first place? The default should be encryption turned on.
  You can't default to something that requires a preliminary exchange of information. While you can encrypt the SMTP exchanges, the e-mail itself can only be meaningfully encrypted if the recipient transmits his key to the sender beforehand (using a mechanism that prevents a man in the middle attack on the key exchange).
3. Re:Self funding research by blair1q · 2011-09-09 06:48 · Score: 1
  
  They reported in their findings the emails sent to people who didn't pay.
  Note the absence of any mention of pr0n or affairs.
4. Re:Self funding research by blair1q · 2011-09-09 06:49 · Score: 1
  
  It didn't say "top secret". It just said sensitive security info. What's significant gold to a h4xx0r may be gibberish to some, or mundane to those who requested it.
Re:People are dumb, so... by jandrese · 2011-09-09 05:21 · Score: 2

Also, chances are 99% of that was spam.

--

I read the internet for the articles.
Both my wife and I regularly receive email... by manonthemoon · 2011-09-09 05:32 · Score: 1

intended for others. I have a full name @mac/@me account and my wife has a full name @gmail.com and I assume these people chose 1stnameLastname+1 account names making it very easy for their friends and business acquaintances to wrongly send us their email instead. I've gotten sensitive business information, invitations to exclusive events (unfortunately in the UK so I can't attend) . My wife has had an interesting time unintentionally following the life of a New York mover and shaker.
We don't know the real recipients actual email addresses so we can't warn them and have to read our own email to find out if it is intended for us or not so we can't help but read their email. Interesting conundrum.
This research result is not at all surprising- it is the same thing, just at a bigger scale and deliberate.
1. Re:Both my wife and I regularly receive email... by Registered+Coward+v2 · 2011-09-09 05:48 · Score: 1
  
  intended for others. I have a full name @mac/@me account and my wife has a full name @gmail.com and I assume these people chose 1stnameLastname+1 account names making it very easy for their friends and business acquaintances to wrongly send us their email instead. I've gotten sensitive business information, invitations to exclusive events (unfortunately in the UK so I can't attend) . My wife has had an interesting time unintentionally following the life of a New York mover and shaker.
  We don't know the real recipients actual email addresses so we can't warn them and have to read our own email to find out if it is intended for us or not so we can't help but read their email. Interesting conundrum.
  This research result is not at all surprising- it is the same thing, just at a bigger scale and deliberate.
  I have a similar problem from time to time with my gmail account. In addition to your comments, some people seem to think that first.last and firstlast at gmail are different email addresses, as a result I periodically get emails for people who screwed up signing up for an online account, and since the company gladly accepted any email address as unique as long as it didn't match an existing one, signed me up.
  When it obviously an error I replay saying - pops wrong person. All but one generally reply with a thanks. There was though, one luser who insisted *he* had the right email address and went so far as to suggest, when I asked him to simply verify the address with the person (it was a small private school), I change *my* gmail account because he *knew* his emails were going through. So, off to junk went any emails from his domain, since I learned a long time ago that stupid was unfixable. I figured sooner or later the real recipient would miss something important and fix the problem. Eventually, the emails stopped coming, so i guess he figured it out.
  
  --
  I'm a consultant - I convert gibberish into cash-flow.
2. Re:Both my wife and I regularly receive email... by Jeng · 2011-09-09 06:44 · Score: 1
  
  We don't know the real recipients actual email addresses so we can't warn them and have to read our own email to find out if it is intended for us or not so we can't help but read their email.
  
  You can find the real recipients actual email addresses with just a little leg work. Just reply to the sender and let them know the situation and ask if they could send you the correct email address or other contact information.
  
  --
  Don't know something? Look it up. Still don't know? Then ask.
3. Re:Both my wife and I regularly receive email... by Darinbob · 2011-09-09 07:16 · Score: 1
  
  I have received email meant for someone else for over a decade. This comes from different sources, almost all of it advertising for a particular town and a few makes of automobiles or mortgages. My email is something like "john@abc.com" and easy to remember by any and all, since I snagged it early before all the rush to get email addresses. I suspect this other person filled out some forms with this email address even though his actual address is "john.smith@abc.com" or "john3317@abc.com" or something like that. Or maybe he is even deliberately given out a phony email that sounds sort of like his name, so that he can keep the sales goons happy but not get any spam.
4. Re:Both my wife and I regularly receive email... by ImprovOmega · 2011-09-09 11:35 · Score: 1
  
  I feel obliged to point out that 'abc.com' is an actual domain name. They've actually reserved example.com for just such uses as this. This way, if there actually is a |john|.|smith|at|abc|.|com| he won't get scraped up by a spambot from your illustration.
doppelgänger by TangoMargarine · 2011-09-09 05:48 · Score: 1

No reason to waste a perfectly good umlaut, right?

--
Unity? Screw that: XFCE. Slashdot Beta? Screw that: SoylentNews. Australis? Screw that: Pale Moon. UX developers DIAF
steal is a little strong by YesIAmAScript · 2011-09-09 06:03 · Score: 1

They captured 20GB of email.
They didn't really steal it, people addressed the email to them, they just did it errantly.

--
http://lkml.org/lkml/2005/8/20/95
1. Re:steal is a little strong by MichaelSmith · 2011-09-09 12:11 · Score: 1
  
  I am made to use MS exchange and outlook at work now. Outlook maintains some local cache of email addresses for autocompletion purposes, and when it proposes recipients it hides the domain names. Some of our engineers work on site with our customers and use the customer IT systems so when send mail to a co-worker I have no way to know if this is their internal account or their on site account. I complain to IT about this but they just shrug. If a domain with a typo gets in to the cache I may never know that it is there.
  
  --
  http://michaelsmith.id.au
Not surprising by YrWrstNtmr · 2011-09-09 06:25 · Score: 1

I have a very short (3 letter) AOL email address from days long gone by. I still check it every other week or so. I've been on a boy scout troop mailing list a few states away, a kindly grandmothers All Family contact list, and a few mislabeled business communications, most notably, someone buying a car in England.

I emailed one guy back who was writing to his military son. He got all kinds of pissed off, and accused me of 'intercepting his emails'. Sorry dude...YOU screwed up.
I always try to email them back to correct the problem, and usually they do.
1. Re:Not surprising by MichaelSmith · 2011-09-09 12:07 · Score: 1
  
  One list I was on (maybe a java community list or some such) was got used for trolling. Somebody subscribed this guy to the list and he went absolutely psycho whenever he got a message, which was every five minutes or so. After a few attempts at helping him unsubscribe the list admins just quietly removed him.
  
  --
  http://michaelsmith.id.au
2. Re:Not surprising by cffrost · 2011-09-10 22:31 · Score: 1
  
  I emailed one guy back who was writing to his military son. He got all kinds of pissed off, and accused me of 'intercepting his emails'.
  What an asshole. Here's what I would have wrote back:
  Dear Parent, I regret to inform you that your son was killed in action while on latrine duty. His death has been ruled a suicide, as he was found partially submerged in a latrine bowl. His corpse was buried at sea, as this was the most expedient way to dispose of it. -Sgt. Slaughter
  
  --
  Thank you, Edward Snowden.
  
  "Arguments from authority are worthless." —Carl Sagan
Re:People are dumb, so... by interval1066 · 2011-09-09 06:27 · Score: 1

People aren't dumb, just busy. I do recognize the need for people to do their own due diligence to some extent but comments like yours, no offense, paint people as a bunch of sheep lamely pushing at buttons. The true picture is that these are by and large very busy people conducting business with a multitude of contacts and business correspondence that they have to perform every day, and not all of them, in fact very few of them, are really very IT savvy. IT isn't their business. And its usually not a matter of simply pushing buttons; many times its copying, pasting, attaching forms, scanning, and typing new contact names into contact books. With millions of people conducting transactions on the web every day some domains are going to get munged. Yeah, they need to make sure they are addressing their business correctly, but simply painting them as "dumb" is dismissive and disingenuous.

--
Python: 'And then suddenly you have a language which says "we're all stuck with whatever the whiniest coder wants".'
Re:People are dumb, so... by Drencrom · 2011-09-09 06:38 · Score: 1

They do the same with SSH. The other day I mispelled homelinux.org (that's a dyndns domain) and ended up in some server asking my password. They listen to SSH for all domains *.mispelled-homelinux.org (I don't remember the exact name) and harvest logins and passowrds. Luckily I only allow public keys in my home router so I could notice.
Typing is the solution, not the problem. by Medievalist · 2011-09-09 08:13 · Score: 1

I administrate several email domains.
The people who turn off autocomplete and type all their email addresses by hand do not make these mistakes, because they have significant amounts of practice typing them correctly.
The people who use email clients that remember and autocomplete addresses don't ever integrate the RFC822 parse logic into their brains or fingers, so they always type .com for .net and .org addresses, and they always type smith when they mean smythe, and then forever after their mis-populated contacts list misdirects their email.
Seriously, decades of experience here; I remember when SMTP was an exotic protocol. I get many error messages every day from the email servers, and many of those errors are from misaddressed messages, and the people responsible simply are NOT the ones typing in email addresses from memory. It's the contacts list people, always, nearly every single time.
Re:People are dumb, so... by PoopCat · 2011-09-09 08:23 · Score: 1

but simply painting them as "dumb" is dismissive and disingenuous
You *really* must be new here.
Re:People are dumb, so... by interval1066 · 2011-09-09 08:27 · Score: 1

Yeah, that's a good argument. Another one is "People are dumb", and as lame as "I'm too tired to get a glass of water, why don't you get if for me."

--
Python: 'And then suddenly you have a language which says "we're all stuck with whatever the whiniest coder wants".'
Re:People are dumb, so... by Scoth · 2011-09-09 09:07 · Score: 1

Could be lots of reasons. I'm not sure it'd be the same now, but when I was doing home end-user tech support in the late 90's and early 2000s a lot of people genuinely didn't get that email didn't work like the postal service where typos would likely be corrected and the mail still get where it was going. I was yelled at by more than one (mostly older) person who didn't understand why their email didn't arrive after we "fixed it".
I kind of expect it's also just a lot of people don't know/don't care and aren't paying attention.
Based on the traffic through our mail gateways by SkimTony · 2011-09-09 09:08 · Score: 1

That's an underestimate. Sadly.
Did this at an old employer by cluedweasel · 2011-09-09 09:08 · Score: 1

I used to work for an Infiniti car dealership. I noticed how many people referred to the brand as "Infinity" instead, so I registered an alternative to the dealerships domain with the last "i" changed to a "y". That domain received well over 50 e-mails a week, not just sales inquiries, but finance and corporate mail too. Management weren't too happy, but I pointed out that it was better I'd registered it than someone outside of the company.
1. Re:Did this at an old employer by lsatenstein · 2011-09-10 11:45 · Score: 1
  
  Did you charge stamp money to deliver the mail to them?
  
  --
  Leslie Satenstein Montreal Quebec Canada
1-800-OPERATER, anyone? by rocket+rancher · 2011-09-09 10:22 · Score: 1

Reminds me of MCI typosquatting ATT's operator-assisted collect call service, 1-800-OPERATOR, by using 1-800-OPERATER. It was about twenty years ago, but I do remember ATT changing that promotion to 1-800-CALL-ATT, after losing something like half a million dollars to MCI in the first month because of poor spellers.
I get a lot of that by MichaelSmith · 2011-09-09 12:01 · Score: 1

I own netapps.com.au for my own business and back in the day I got a lot of email intended for netapps.com. I always notified the originator of the mistake. Bounce spam is so common these days that I configure my mail server to accept all mail. I never bounce for address unknown.

--
http://michaelsmith.id.au
Re:I've been doing this for more than two decades by MichaelSmith · 2011-09-09 12:03 · Score: 1

Back when webrings were popular was contacted by a guy who wanted to create a Michael Smith webring. I think we had about fifty members. Thats not bad considering that everybody had to have their own web site and this was in the mid 1990s. Don't ask me about creating a "smith" webring though.

--
http://michaelsmith.id.au
Re:People are dumb, so... by mlts · 2011-09-09 13:05 · Score: 1

I do key authentication over the Net for the same exact reason. If I log into the wrong site, who cares if they get a public key ID or material, unless they have a TWIRL machine or a quantum computer to factor keys in logarithmic time.
Plus, it is only common sense to have public key only authentication, especially with all the brute force attempts done these days. Of course, systems like SSHGuard or custom scripts to have iptables deny IP addresses are useful, but nothing beats completely locking out an attack avenue completely.
Re:People are dumb, so... by reub2000 · 2011-09-09 14:07 · Score: 1

Really, store e-mails in an address book. It should also be obvious that any e-mail addresses communicated verbally are prone to typos.
I guess the other question is why such sensitive stuff is being sent in an e-mail in clear text.
Re:Doesn't appear to apply by duguk · 2011-09-09 16:07 · Score: 1

And in fact "typosquatting" does happen in the UK with real physical mail and it is not illegal.
One of the obsolete UK railway companies ceased to legally exist. Making it possible to create a new company named that. Somebody did so, presumably intending to some day create merchandise which would legally use this significant name, which would have some cachet in the hobbyist market, but wouldn't cause any real confusion.
But instead they got piles of mail intended for whatever railway company was currently responsible for this or that problem somewhere in the country. Demands for payment of utility bills, requests for authority to dig things up, and so on. They opened these letters, and they wrote very caustic replies, pointing out the foolishness of sending letters to a company based on the fact that it has the same name as a company which was at some previous time responsible for something.
After a while they got threatening legal letters, and they began writing back to the client (not the lawyer) pointing out that a lawyer who can't even send their threatening letters to the right people is maybe not worth hiring. This resulted in even more useless threatening legal letters.
I'm fairly sure I've heard of this. But this new company wasn't deliberately set up for confusion; and it has no other running company to be confused with. If the company name or addressee is the same, it would be difficult for them to know it was a misdelivered package.

Its not relevant whether it was delivered to the right box; because the law clearly states "without reasonable excuse, opens a postal packet which they know or suspect to have been delivered incorrectly".

That is, unless you can think of a way of ensuring post is misdelivered to you, whilst making sure you never even begin to suspect that it wasn't meant to be delivered to you.

My reply was meant to be a poke at the lack of knowledge surrounding the postal system (the OP was misinformed over the law), and how these laws cannot be related to email. However, if you want to apply them - you can't simply interpret them how you want. This thread has taken it way too seriously and completely missed the point.
Re:People are dumb, so... by keitosama · 2011-09-09 19:33 · Score: 1

Not when accessing a misspelled domain name, but being the first connection to a new server, SSH would ask if it should add the keys to known_hosts.
PGP by xororand · 2011-09-09 21:30 · Score: 1

That's what you get for not using PGP.
If you send secret corporate information on the equivalent of postcards, you have no right to complain.
Re:People are dumb, so... by wwphx · 2011-09-10 09:51 · Score: 1

SUDO Get me a glass of water.

--
When you sympathize with stupidity, you start thinking like an idiot.
Re:A similiar situation, different media. by SkimTony · 2011-09-12 02:15 · Score: 1

My grandmother has a home number that was a prefix off from a local movie theater (they have long since changed it). They received a lot of calls for a while, and answered with something along the lines of "No, the correct number is ___." My grandfather had asked the theater to change their phone number, and they refused.
So, since they were uncooperative, my uncles decided to stop being helpful when people called the wrong number. They had a lot of fun making up fake movie times, fake movie names, and bogus specials (Bring a friend for free on Tuesdays! Get free popcorn if you give the following password between 5 and 6 on Saturday night!). Ah, to be a fly on the wall when those patrons walked into the theater...