I get a ton of misdirected email, but for different reasons.
The first is that I have a common nickname @gmail.com. There are many other users with some variation on that nickname @gmail.com, and people are careless about typos, including suffixes, etc. It's a similar cause to the article, but the username instead of the domain.
The second case is a more interesting one:
I bought an expired domain.
Now I get all kinds of email sent to what used to be legitimate email addresses of the old domain owners. For more than one of them it was clearly their primary email address. I was getting emails related to bank accounts, Netflix, Facebook, etc. I thought about trying to get in touch with those users, but ultimately decided to bounce their email.
It was something I hadn't considered when buying an expired domain, or about my own email addresses, but it's a real problem. Here's hoping my email provider never lets their domain expire.
I get a ton of email to my own gmail, which is just my first initial & last name. I didn't realize there were as many people out there sharing them until I got that email. One that bought a car about 6 months ago, one a cell phone, etc. Since I have no way of contacting these people and it's not a domain where I can block out certain addresses, I will usually get at least one email a week where I go uh, what is this? For a while I kept getting building floorplans in progress from one company as it seemed they all used a common address book with the incorrect email added.
To beat the old drum: Email isn't intended to be secure anyway. Relying on email addresses to maintain privacy and authenticity is like relying on Caller ID to verify callers' identities. (See spoofcard.com.)
Yeah, it's still shocking to me how many fortune 500 companies still don't understand how vulnerable they are to simple hacks like this. I would've thought it would be SOP (standard operating procedure) to encrypt their email years ago.
I guess a normal level of paranoia hasn't quite reached those companies yet huh?
I think the closest analogy we have is that someone purchased a house at 1 Lian Street, and is receiving mail sent to them that the sender had meant for 11 Ian Street.
Aside from the intent of the purchase, there's really nothing wrong with that. The mail was sent to them, after all, and without the intent it could easily just be an accident.
If nobody lived at 65 you'd get "return to sender" or similar. The point is receiving mail is a passive act, interception is not.
Regardless of the researchers' intentions, somebody has a responsibility to address their mail correctly. I get enough email from my namesakes to (first).(last)@gmail.com to know it's not the recipient's responsibility.
Yes it is. You can intercept something for good or for ill, there's no connotation there, but it does imply some degree of intent to capture something.
These researchers fully intended and expected to capture some e-mails. They didn't want to steal them, they weren't doing anything wrong, they just wanted to see how many e-mails they'd get and write a paper. I'd say intercepting the e-mails is at least a better description than theft.
Because the researchers were registering domains contain trademarks or derivatives of the trademarks for the specific purpose of intercepting email, this would qualify as IP infringement. I think it would be pretty easy for any of these companies to win a civil court case. Of course, its not these researchers that they should be worried about.
Shameless (and I mean shameless) plug for my latest project that collects statistics on what domains people mistype: http://typed.it/ (Log in with demo@typed.it/demo for full access.)
Slightly OT but interesting. This was true a year ago, unsure if it is still in effect today.
In Gmail, if I send an email to Alice and Bob, but modify Alice's name to "Anne" (or anything else) in the email's "To:" field, and Bob replies all, Gmail saves the change to Alice's contact information in Bob's user list. Alice will now show up as Anne in his google talk and in his contact list.
The first is that I have a common nickname @gmail.com. There are many other users with some variation on that nickname @gmail.com, and people are careless about typos, including suffixes, etc. It's a similar cause to the article, but the username instead of the domain.
The second case is a more interesting one:
I bought an expired domain.
Now I get all kinds of email sent to what used to be legitimate email addresses of the old domain owners. For more than one of them it was clearly their primary email address. I was getting emails related to bank accounts, Netflix, Facebook, etc. I thought about trying to get in touch with those users, but ultimately decided to bounce their email.
It was something I hadn't considered when buying an expired domain, or about my own email addresses, but it's a real problem. Here's hoping my email provider never lets their domain expire.