Forging the Delivered-To line could be to Mr. Spammer's advantage, because
he could send millions+ of messages to addresses that use vpopmail, and
could depend on the bouncing to deliver his mail; just spoof the envelope
recipient/from and wala.
Not only that, but it gives information about the system's directory structure, which I always thought was a BAD thing.
(As an entirely separate bug: could the directory structure *not* be given to people who shouldn't see it?)
This could be done in vdelivermail code. It would just return a message_is_looping: [EMAIL PROTECTED]