(This has probably already been thought of and discussed. I'm not even saying this is the case here, just some thoughts.)
Could this be a new form of mild denial-of-service attack? Imagine, someone who has a grudge against a mailing list finds some addresses that have anti-spam autoresponders like this one. Then they set up some dummy addresses that do nothing but forward list posts to the autoresponding addresses. Then anyone who posts to the list gets bogged down with autoresponders, and it's practically impossible for the listmasters to figure out which addresses are causing it. Maybe the only way to track down the bad addresses is to examine subscription history and cross-reference that with the times that the autoresponses were first seen.
