This happened to us about five years ago. Someone registered a typoed domain and put up an SMTP server. They then collected bunches of emails and sent them all to the CEO with some bogus note about how the domain was for their company but it was getting our email. (It had been registered six months earlier.) They offered to sell us the domain for $10,000.

The emails that really caught our attention were the ones from employees to employees. They were typing full email addresses manually instead of using the Outlook address book and didn't spell the domain correctly. Customer lists, contracts, disparaging comments about management, you name it.

There also were ones from customers. Personally, it sounds like a good way to collect competitive intelligence. :-)

The company wanted to buy the domain and register dozens of other possibilities. We convinced them they couldn't technically fix a stupidity problem.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/newsbriefs/685/2382#2382