I recently started tracking the addresses to which spammers are trying to send, and the number of addresses that have never existed in the domain, to which spam is being directed, surprises me. Most notable in this illustrious group (because I get why folks would try info, sales, admin, and the like) is johnsmithsvt. A quick Google indicates that it’s showing up in other folks’ rejection logs, too. Why? Is there some rootkit/worm/whatever that receives its orders at that address? The next message for that address that makes it through my RBLs (sbl-xbl.spamhaus.org, korea.services.net, combined.njabl.org, bl.spamcop.net, china.blackholes.us, dnsbl.sorbs.net, and dnsbl.jammconsulting.net; I have the last two set to return 4xx errors, since they’re awfully aggressive, and that gives me time to whitelist the senders, where appropriate) will end up in my inbox, so I can see whether it’s just garden-variety spam or something more inimical.
Update: Garden-variety spam. For a variety of pharmaceuticals. I can’t imagine why they’re using that address.
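The RBL policy described in the post (hard rejection for most lists, a 4xx temporary failure for the two aggressive ones, and a whitelist for senders worth letting through), sketched as an added example that is not the author's actual mail server configuration. The reply codes 554 and 450, the function names, and the stubbed DNS data are assumptions; the zone names are the ones listed in the post.

```python
import ipaddress

# Zones named in the post; the last two are the ones the author defers on.
REJECT_ZONES = ["sbl-xbl.spamhaus.org", "korea.services.net", "combined.njabl.org",
                "bl.spamcop.net", "china.blackholes.us"]
DEFER_ZONES = ["dnsbl.sorbs.net", "dnsbl.jammconsulting.net"]
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_name(client_ip, zone):
    """Build the DNSBL query name: IPv4 octets reversed, then the zone."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def is_listed(client_ip, zone, resolve):
    """resolve(name) returns a list of A records (empty for NXDOMAIN).
    Only an answer inside 127.0.0.0/8 counts as a listing."""
    answers = resolve(dnsbl_name(client_ip, zone))
    return any(ipaddress.ip_address(a) in LISTED_NET for a in answers)


def smtp_decision(client_ip, resolve, whitelist=frozenset()):
    """Return (code, reason); 250 stands for "accept the connection".
    Hard-reject zones are checked first, so a 5xx listing wins over a
    4xx one. Whitelisted senders skip every check."""
    if client_ip in whitelist:
        return 250, "whitelisted"
    for zone in REJECT_ZONES:
        if is_listed(client_ip, zone, resolve):
            return 554, "listed in " + zone            # assumed 5xx code
    for zone in DEFER_ZONES:
        if is_listed(client_ip, zone, resolve):
            return 450, "listed in " + zone + " (temporary)"  # assumed 4xx code
    return 250, "not listed"


# Constructed DNS answers standing in for live lookups (documentation IPs).
FAKE_DNS = {
    "10.2.0.192.bl.spamcop.net": ["127.0.0.2"],
    "20.2.0.192.dnsbl.sorbs.net": ["127.0.0.10"],
    "30.2.0.192.dnsbl.sorbs.net": ["127.0.0.10"],
    "30.2.0.192.sbl-xbl.spamhaus.org": ["127.0.0.4"],
}


def fake_resolve(name):
    return FAKE_DNS.get(name, [])


if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30", "192.0.2.40"):
        print(ip, smtp_decision(ip, fake_resolve))
```

A sender deferred with 450 will normally retry later, which is the window for adding it to the whitelist before the next attempt.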