The investigation was launched after Computerworld notified the county on July 6 that Robert Carlesten, managing director of Internet company Ord&Bild AB in Karlstad, Sweden, had produced dozens of e-mails that he said had been arriving at his Internet.ac domain regularly for the past two years. Carlesten said he responded to the senders of the e-mails on multiple occasions to inform them of the problem but never received a reply.
...
According to Whittington, the glitch stemmed from the county's Internet naming structure, which includes ".ac" for the auditor controller's office. "Now we need to research who has the bad address book that has this address," he said.
Whittington said his office was never directly informed about the problem by Carlesten and noted that any county employees who may have received e-mail responses from Carlesten never brought the matter to his attention.
This apparently went on for over 2 years. Makes me wonder how many security breaches that are blamed on MS (etc.) are really just careless mistakes like this...