Yup, and that's how most of us feel... It's the fact that it's reached the point where *anybody* that has your mail address and has been infected by such a virus can cause the virus to initiate replication purporting to originate from you. Your system may be as secure as you feel you need, but can you guarantee the same kind of commitment from *everyone* that knows *your* mail address?
The scope of this isn't completely limited to the *people* that have your mail address, as such. It may be recovered from an infected system that you have provided the details to, or a web page that details this information. It's difficult to get around this, although if you have your own domain name, things can become a little easier to manage. For instance, when subscribing to nthellworld.co.uk, you could use a mail address of nthellworld@yourdomain.com. If you have a reasonable domain management system in place and begin to receive spam to this address, you simply dev/null it so that the system reacts as though the address doesn't exist. You then *know* the source of the spam, as you wouldn't provide this unique address to anyone else.
Of course you may then wish to add a different address to the service so you're not completely blanked - but by this point you can seriously question the service providers as to how this address was 'leaked'. Do this for every online service that you subscribe to and things become a lot more manageable. Indeed, you don't necessarily need POP access to each address; manage it in a way that it's easy for you to retrieve - try forwarding mail for all such addresses to one manageable mailbox and manually keep an eye on what the destination of the mail is supposed to be and act accordingly when the integrity is breached. Combine this with the use of reasonable spam filters and Bob truly does become your auntie.
I don't think we're really going to find a 'cure' for this, just different ways of managing online personas to increase damage limitation.
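
The per-service address scheme described in the post above, as an added example that is not part of the original post: it automates the "keep an eye on the destination" step for mail forwarded into one mailbox. The alias table, the `bookshop` entry, the sender domains and the sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Hypothetical alias table: local part -> domain the service legitimately mails from.
ALIASES = {"nthellworld": "nthellworld.co.uk", "bookshop": "bookshop.example"}

def classify(raw, revoked, my_domain="yourdomain.com"):
    """Return (action, alias) for one message forwarded to the shared mailbox.

    `revoked` is a set of aliases already withdrawn; it is updated in place
    when a message shows that an alias has escaped the service it was given to.
    """
    msg = message_from_string(raw)
    # Delivered-To carries the envelope recipient on many MTAs; fall back to To.
    rcpt = parseaddr(msg.get("Delivered-To") or msg.get("To", ""))[1].lower()
    local, _, domain = rcpt.partition("@")
    if domain != my_domain or local not in ALIASES or local in revoked:
        return ("reject-unknown", local)  # behave as if the address doesn't exist
    # From is trivially forged, so a match proves nothing; a mismatch, though,
    # shows that somebody other than the service knows this unique address.
    sender = parseaddr(msg.get("From", ""))[1].lower().rpartition("@")[2]
    expected = ALIASES[local]
    if sender == expected or sender.endswith("." + expected):
        return ("deliver", local)
    revoked.add(local)
    return ("leak-detected", local)

def make(sender, rcpt):
    """Build a constructed sample message."""
    return f"From: {sender}\nTo: {rcpt}\nSubject: test\n\nbody\n"

SAMPLES = [  # constructed messages, in arrival order
    make("news@nthellworld.co.uk", "nthellworld@yourdomain.com"),
    make("offers@pills.example", "nthellworld@yourdomain.com"),
    make("news@nthellworld.co.uk", "nthellworld@yourdomain.com"),
    make("orders@mail.bookshop.example", "bookshop@yourdomain.com"),
    make("someone@elsewhere.example", "guessed@yourdomain.com"),
]

def run(samples):
    """Classify messages in order, sharing one revocation set."""
    revoked = set()
    return [classify(raw, revoked) for raw in samples], revoked

if __name__ == "__main__":
    results, revoked = run(SAMPLES)
    for action, alias in results:
        print(f"{alias:12} {action}")
    print("question these services about the leak:", sorted(revoked))
```

Once an alias is revoked, even genuine mail from that service is rejected, which is the point at which you give the service a fresh address.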
