to non-mail domains is significant. I have at least one host name
that was never a mail domain, but since it used to appear in usenet
headers it gets over 30,000 spams a day, every day.
I'm not convinced you've identifed causality ... only correlation.
The causality is that its name was scraped out of a zillion usenet
archives. Much of mail it gets is to addresses that are actually old
message-id's. Other hosts that don't have names don't get hit at all.
I suspect that many spam sources routinely 'scan' for open port 25s
and send mail ..
I haven't seen that in an extremely long time, and I log the port 25
connect attempts to non servers on my network. It sees plenty of port
25 attempts, but they're all to the scraped hosts and stale MXes.
Spammers have gargantuan spam lists and use the regular MX/A lookup,
sometimes using very stale precached MX lists.
For your web mail, make the right headers so that a reply will
work. Or arrange to have the mail depart from a valid mail server.
Um, I've been doing that for rather a long time. That's unrelated to
the scraped address problem.
IETF mailing list