EVE General Discussion

Because that's the way the SMTP protocol works (or fails to work in the case of "joe jobs" and "forgery") - unless your mail server checks something like SPF, SenderID, DKIM to verify that the sending server's IP is allowed to say that they are XYZ. Without those checks, anyone can pretend to be anyone else in the sender fields (there's no central authority, nor should there be).

Note: eveonline.com does publish a SPF record, and it is set as "-all", so complain to your mail provider for not doing SPF tests and tagging failures as spam (or just blocking them at the ingress point).

Some basic security options.

First create a Email account for your EVE subscriptions with a reputable company (NOT GMAIL, YAHOO, etc)
Second update your profile(s) with the address.
Third don't give that email address out to anyone else.

Problem solved.
Now only CCP and the company who is hosting your email will know what it is.
You should never receive any of the emails the OP is talking about and if you do the list is rather short of who leaked it.

I have received the same email with the character transfer. This is not the mail service's fault. And in many cases not the user's fault either since he didn't break any rules in the EULA. The email addresses might have been obtained in the last attack that we all remember, when all the servers went offline for days to prevent data loss. Well it seems they did got something and it wasn't as CCP advertised that there were no customer information loss.

My point is that CCP should take direct, active measures against the phishing sites instead of doing almost nothing like telling us not to click the links. This is what we pay for, quality of service and uninterrupted experience.
Thanks.