Originally Posted by
nerd
I've gotten this, too. How do spammers decide what domain to use in a spoofed 'from' address? It can't be related to having a catch-all user at that domain, can it?
I don't think there's any rhyme or reason to how spammers pick their spoofed return addresses.