While not as intensive nor intrusive as this, we recently ran an exercise against our users, warning them of a potential virus that was incoming, describing it as coming from "Super-User <root@mydomain.com>", the subject line, and sample message text, and advising them not to open it (and if they did open it, not to click on the attachment).
When I created the email, the return address shown (via OE) was indeed root@mydomain.com, but the reply to: address was the entire organization's DL. (FYI: I created an HTML email that included an image from my webserver so I could read the logs to see who opened it, and included a readme.txt-space-space-space-space-space...space.html file with META redirect tags to an internal webserver's page that said "Yeah, you shouldn't have done that..." - and I could check the same logs to see who clicked the attachment.)
Suckers, umm, "errant users" that opened it, realized they screwed up, and wanted to chew me out, replied to the whole organization (4500+ on the DL) (rather than the fictious "root" account) and were promptly embarassed when everybody read their nasty comments.
A good time was had by all in our division. Senior management was not really amused, probably because they were up there in the top offenders list.
(To keep this moderately on-topic - no noticable impact to my six Exchange 5.5 servers, as the majority of good users actually deleted the mail upon receipt, and emptied their deleted items folder as well, which is something they hardly ever do!)
Microsoft
