I was running some tests the other day on an email script I was writing and sent a bogus message out to test the results. When nothing came back to my domain name in any way, I went back to see how it was addressed. I had misspelled my domain name and after doing an nslookup, I realized that the misspelled domain was owned by another individual. After that, I started to look up some other well-known misspellings and created this small list of domains that are valid domain names:

microsfot.com
mictosoft.com
compac.com
yayoo.com
yaho.com
nahoo.com
gahoo.com
conpuserve.com
cmpuserve.com
yotmail.com
wrldcom.com
nci.com
aoll.com
ivq.com
cnnn.com

and even...
amtionline.com
anrionline.com

While I'm sure that some of these names might possibly be innocent coincidences, I am wondering how many of these have been purchased by corporate spies. Not to sound like some conspiracy theory, but this sounds to me like a great tactic to potentially intercept some juicy internal memos! If you work at a large corporation, you know how much highly confidential email is bounced all over without encryption because people believe it to be "just internal". The company I work for (who shall remain nameless) has a very common misspelling of their name, and even that domain name is taken. Everything I send to that domain (either by accident or by design) stays at that domain. I never get bounced messages. Obviously, that domain name has one of their addresses set up as a "catch-all" to receive all misdirected emails.

My question is this: Would a company (like Microsoft) have grounds to sue the owners of a misspelled domain name (like microsfot.com) for distributing (or in some other way using) any corporate secrets that were intercepted by them because some employee of the primary company carelessly misspelled the domain name, or is this just part of the cost of doing business without encryption?