I just got an email today which appears from its headers to be a bona-fide bounce triggered by spam with my @apache address on it. I also googled for some of the people on the list, and they do indeed work where it says they do. So I think it's genuine.
I've quoted the whole thing below. The scary part is summed up by this sentence: "A list of all the people to whom these addresses might refer appears below", and sure enough, right below the stuff I quote there's a list of people whose address might match michael@xxx, formatted like:
name: Michael xxx
address: 695 XXX Road
For heaven's sake! I've spent years trying to explain why returning "mailbox does not exist" can be used by spammers to harvest addresses, and then I find out that people are still doing this. Priceless. I've sent a mail to the postmaster@xxx asking him if he's insane. I don't expect a reply from the current incumbent any time soon; he's probably fighting off a mail-storm.
The text of that message:
I'm sorry, but we had problems delivering your mail.
The errors we encountered appear below. If you have any questions,
contact the xxxxx Postmaster as firstname.lastname@example.org.
Please include a copy of this message with your correspondence.
The following addreses each refer to more than one person in our
directory. A list of all the people to whom these addresses might
refer appears below. You should resend to your intended recipient
using the address in the 'send_email_to:' field.
If your intended recipient is not on the list, then the person is
either not registered in the central directory or the address is