You're in a big boat with a lot of people.

Had this happen to me... quite a few times to be honest. 50 bounces, and a dozen or two angry letters.

My emergancy plan for this situation is:
o) Write up a message to send to people who fire off angry replies.

o) Put a notice on the website announcing that someone is sending spam.

o) Try to explain the situation to angry sysadmins who don't know what theyre doing. (they thought i sent them spam -.-;;)

o) Try to find out who's sending the message, then seek legal advice (as a last resort).

Sympathise with you Matthew.
But, don't forget, anyone who includes your email address (along with 200 other 'mates') in an email to a third party, who later gets virus infected (or anyone else on the list of 'mates'), deserves a blast!
I have, too often, gently tried to explain to friends not to include me, or risk getting blocked.

Try to find out who's sending the message, then seek legal advice (as a last resort).

That option interests me. How would I start trying to find out who's doing this? The headers of the message are just a bunch of style information, which is lame, but effective at hiding tracks. The link they wanted folks to visit is fake and probably doesn't exist at all. Obviously I didn't try it myself, but it's a really strangely-formatted Geocities address - I checked the message source code to be sure.

Thankfully, the attack today seems to have been pretty limited. They were faking all kinds of addresses @mydomain.com, which brought the bounces back to our catchall. Actually, this very thing is one reason I keep a catchall account - I get to keep an eye on things like this that could otherwise go unnoticed.

The thing that burned me this time was the type of content they were sending. Very nasty stuff and definitely not what we want associated with our business image.

Very nasty stuff
Could you possibly forward one of those my way?

;-)