by Alex3917 2797 days ago
> Notice the "i", different from abcde@mydomain.com

The username on the domain doesn't matter, only the domain itself.


> The username on the domain doesn't matter, only the domain itself.

Of course it matters if it means that it wasn't actually sent from the domain in the first place and there were no "hacks" involved. You said "emails sent from your domain..." but you do know the "From" address in standard email is utterly meaningless from a security perspective, right? You can just

  sendmail -f any.address@example.com any.target@example2.com < email.txt

and that's it. There are ways to mitigate that these days and someone can always examine the headers of something suspicious but a lot of older desktop clients and mailservers won't.

Your entire (dubious and uncited) assertion rests on an assumption that it was in fact "sent from their domain". If someone forged it instead then it doesn't even get into law at all, OP simply had nothing to do with it period. Their account wouldn't have been hacked, neither they nor their kit would have any involvement.

Additionally, it could very well be that one of the letters in the domain name looks like but isn’t one of the normal English ASCII characters. I’ve seen scams like this before — they are visually indistinguishable (or extremely close to, e.g. I’ve seen one that had a tiny dot above the character it was mimicking) from the real thing, but are a completely different Unicode character.

But if you don’t check the email headers, emails are easy to spoof, hell, I did it when I was a kid...

> but you do know the "From" address in standard email is utterly meaningless from a security perspective right?

That would be the argument as to why the domain owner would have a duty of care when also using the domain to send legitimate business email. Again I'm not saying there is a duty of care here, I'm just saying that it's not obvious to me that there isn't one.

This is one of the most hilariously wrong things I've ever heard of. So if I send an invoice to billing@facebook.com and reply from (my account) uh_what@facebook.com agreeing to the terms, Facebook legally owes me the amount on the invoice?
Clearly not. It's a general principle of law, not an ATM machine.

E.g. employers are on the hook for damages due to sexual harassment among their employees, but that doesn't mean you can sexually harass yourself and then automatically collect free money.