Since I entended this to be an example only, it was not a hostile message and the message just went to me on another machine. Had this been a hostile applet, the message could have been anything, and the message could have been directed to [ insert the name of your favorite political leader, religious leader, or other name here ] . Alternatively the message could have been sent to a Usenet news group. There are lots of possibilities.
Look at the Java console for a listing of the transaction. Note again that if this were a real "hostile applet", I would not have echoed the transaction back to the console. The applet could have just been part of a simple animation with no indication that mail had been sent.
I'll put the ( tiny ) source here when I clean it up. Note that this does not violate any Netscape or Java security policies. It works within the existing SMTP and Java bounds and is just an example of what can be done. This example doesn't expose anything that couldn't have been forged before Java, but it does make the point that your computer can now be an active participant in these types of hacks.
Note also that the mail comes only from your machine and not your username. I just stuck in "root" as the username. I could have attempted to parse the output of the "finger" command mentioned below to get a username, but I didn't spend the time.
I'm trying a new information gathering strategy ( finger ) . Most of
the time it doesn't work because the client side is not running a finger
daemon :-( , but 20% of the time or so they are :-) . I'll update the source
when I have the code finalized.