Re: Spam Question
It's almost unheard of for spammers to hack into an ISP's mail servers. The usual trick is to launch a dictionary-based attack which sends a bunch of emails to a number of different permutations and which have a forged reply-to address.
Permutations that bounce are assumed to be bogus, those that aren't are assumed to be possible matches and are flagged for inclusion on a hit list. That hit list may be further refined or used as-is by the spammer and/or be resold to other spammers.
ihose people who actually request to opt out will actually end up having their email addresses tagged as confirmed and are added to a different list. Because that particular list is made up of confirmed users it can be resold at a higher per-user price than the first list type.
Spammers also mine mailing lists, forums, Usenet postings, whois records, conference attendee lists, and just about any way they can think of that can be mined online by a bot. Bots are pretty clever at stripping out email addresses, so if you're going to try to obscure it don't be obvious, johndoe(at)msn.com isn't hard to guess.
Lastly, it's not hard to forge a name (it's optional) in the To: field of an email address. If you look at the actual headers you will see the bogus name, but you will also see your correct email address.