foone, the thing with the .zip controversy is that it probably wouldn't be too hard to get a list of registered domains and do HTTP requests that look like they're coming from gmail and the like, looking for anyone misusing it for spam.
but do I really want to get into the security field? I have tried so hard to avoid it.