Link to Original Source
It seems like the attack is just taking user names and other publicly-known data trying to determine an email address from them. Spammers don't need microid to confirm that their guess is correct; they'll just send to all 50 or 100 top email domains, hoping to get a hit.
The whole point of MicroID is that if someone knows your email address, they can tell that you are the author of the page. If your email address is easy to guess, then your email address will be revealed, _whether_or_not_ there's a microid here, there, or anywhere.
If an email address is easy to guess, then the email address is easy to guess. Not clear what new ground we're covering here.
is it 4:20 yet?
Coming in first place is CDW at 81%, edging out last year's top vendor, Red Hat (which took third place this year). Microsoft came in at 24. The package includes a pretty detailed methodology on how the survey was conducted. 826 qualified respondents participated.