Thing that bugged me the Gov own various formats of that domain name, so someone has to have access to it. Insider?
[Warning: This post contains what might be considered techno-mumbo-jumbo. But I hope it helps anyway]
Actually, no, not an insider. The thing is, the e-mail protocol that the whole world currently relies on, is massively out of date. It was first defined in 1982, when the number of computers on "the internet" were vanishingly small compared to today; a valid analogy I think would be one of those small isolated villages where everyone pretty much knew everyone else. So the SMTP (Simple Mail Transport Protocol) was born - and it WAS simple. No security at all. Any computer, in fact, could create an e-mail that purported to be from anybody, to anybody, and the system just delivered it.
Fast forward to 2014, and many servers still accept basic SMTP mail without questioning where it came from, or how it got there. Instead, most mail servers now run various anti-spam measures, which catch a mail as - or after - it has arrived & deal with it then, instead of rejecting it at source.
One day, someone will perfect e-mail security, it'll slowly be adopted worldwide, and then hacked just as effectively as SMTP... such is the nature of the internet...