Externally administered backup MXes run into backscattering because
they don't maintain a copy of the users database.
Some don't, many do.
To amend that status
of affairs implies that a user's email address will also be stored at
an externally controlled backup MX. Such situation should interest the
users, as those addresses are part of their personally identifiable
Not necessarily. The obvious trick is to store hashes of valid addresses along
with per-domain rules for how to strip stuff like subaddresses, prefix
characters, etc. Yes, a dictionary attack can be performed on this information,
but you can also do that by whacking on the primary MX.