Match.com, the popular paid online "secure" dating site, was found to reveal private email addresses during messaging.

Email Reply headers in the Messages reading pane reveal the "outside" email of the dating parties to each other. So my reading pane shows clearly at the top of an email Match.com "Message" thread:

Date: Wed, 24 Jun 2009 23:18:23 -0500

From: obnosis@talkmatch.com

To: pairaway@hotmail.com

Subject: Match.com Message: RE: Itsadate

So, I "obnosis@talkmatch" (obfuscated email Match.com only email address) would immediately know that a man identified only by his Match.com screen name, was really "pairaway@hotmail.com". And alternately he would also be able to see my outside email address in his Messages reading pane.

While at the same time, the bottom of the email Match.com "Message" thread their application tacks on a nice DISCLAIMER:

------start------
Important tips: Protect your privacy

Our email system strips away your real email address so that the
recipient will NOT see it in the
From: line; however, you must...
	• Remove any mention of your email address from the body of your message.
• Remove or turn off any automatic signature at the end of your email.
• Avoid using Cc: or Bcc: to help protect your identity.
If you receive an email that you find offensive or contains
advertisements for products or services other than Match.com, please
forward the message immediately to abuse@cc.match.com.
If you no longer wish to receive communication from this person you
can block this user from further contact here.
	
	
DISCLAIMER
Match.com does not screen private email between members, nor are we
liable for the content of these messages. All members are bound by the
Match.com Service Agreement.
	
---end----

Match.com was informed on June 25, 2009 with screenshots. They have yet to respond to this serious security application layer issue.