No!!! Definitely not. We get 4-5 complaints about this on a daily basis already, and it's something we can't do anything about. I'm only interested if the bounces are actual bounces from spam being sent (via an insecure form to mail script or something) via our servers... if there is a case where you're not sure, might be best to check.
Bottom line (well somewhat of an over-simplification, but should cover most cases) is:
[*]1) If the bounce is sent TO an address at your domain, from AOL, most likely, it's just due to a forged envelope-sender.[/*]
[*]If the bounces are sent TO "firstname.lastname@example.org", you probably have something to worry about.[/*]
You can check this by examining the Received headers... you're looking for something like:
Received: from smarty.dreamhost.com (smarty.dreamhost.com [126.96.36.199])
by otto.dreamhost.com (Postfix) with ESMTP id 3D3A9909D4
for <email@example.com>; Tue, 16 Dec 2003 21:16:16 -0800 (PST)
[ message was sent to user@machine ]
Received: from mifenmail04.maritz.com (maritzmail04.maritz.com [188.8.131.52])
by willum.dreamhost.com (Postfix) with ESMTP id 8FEB52BDB5
for <firstname.lastname@example.org>; Thu, 4 Dec 2003 18:10:06 -0800 (PST)
[ message was sent to address@[domain we host] ]
I just wanted to confirm that the messages in this case were not, in fact, sent to an address which didn't exist.
In this case, the issue was due to actual spam sent via an insecure user script, and returned to the user's actual username at the user machine itself.
The issue about which made the issue a little more confusing is that even though the bounces were sent TO a valid address, the spammer used [somefakeaddress]@www.example.com as an address in the "To: " or "Cc: " headers of the original spam... this is one way that these formmail exploits trick certain vulnerable scripts into accepting the mail.
Hope that makes sense.
Just a note - we do not setup our mail servers or user machines to accept for [address]@www.example.com. You will not receive actual mail to this address (unless you go to a lot of trouble to set things up this way specifically).