My point is that nothing's stopping those from being sent now.
Yes, I know BUT it doesn't take a genius to realize the success rate would be much higher when your customers are receiving legitimate email at the same time.
Do you want to explain to a customer why there domain has been transfered to a company in the Cayman Islands and is being used by a porn distributer?
Do you really trust the same company that ask for your login and password, over plain httpd to handle this without a problem?
I'm making noise now so hopefully they will think a little before they start sending easily forged request for information.
