Well, that is the most obvious explanation, except that I don't see forged "from" or "Reply-to" headers in the returned messages. It's still entirely possible that the messages were sent with a forged whatchamacallit - SMTP envelope? Or simply with a forged bang path leading back to orca.xepher.net, but while we're being paranoid... something doesn't match the pattern of what I've seen on other occasions when the same thing happened at other addresses. Mainly the short, sharp bursts in which those thousands of emails bounce back to my email address.
In short, while I don't think it's obviously the case that the spammers are using our email server and pretending to be me, I'm not 100% convinced that they're not. So could you keep an eye on that email server?
In short, while I don't think it's obviously the case that the spammers are using our email server and pretending to be me, I'm not 100% convinced that they're not. So could you keep an eye on that email server?