To clarify the position in UK law, take a look at .

The UK legislation does also make it illegal to forge the 'from' address, so I believe what steve.milner is doing is now technically illegal.

Wouldn't have thought this would be a problem in practice, as the legislation is designed to catch people using phishing or similar techniques - so sending emails claiming to come from e.g. - either directly or via any hijacked zombie PC is now an offence, regardless of the content of the emails.
Better have that 5K ready just in case

It is still perfectly legal to set up as many email accounts as you wish with any ISP using whatever random user names you choose. If you are using them to send sensitive information the use of an encryption product like PGP is also perfectly legal.

I don't buy the argument that what the EU is doing will have no impact - the other 9 EU countries will have to enact this 'directive' into their local laws - effectively a 'directive' is a law passed by the federal part of the EU, and it is mandatory for all member states to introduce it.
This does include a requirement for an 'opt-in' to receive emails for your average home user, rather than the pointless 'opt-out' that recently became law in the US.