I'm really starting to get the impression that web site harvesting bots aren't the only way spammers are getting addresses but that a new, more insidious form of address harvesting is at work.
Specifically, instead of system crackers installing viruses and DDOS agents, that they have cracked a few of the more central servers on the net (central in terms of mail flows) and simply extract addresses from every piece of e-mail that passes through the server, either logging the addresses to a hidden file on that server or (far more likely) sending them out to the smam harvest server surruptitiously.
Why would I get this impression? I've created a few accounts with very, very random addresses, on servers I've controlled (i.e., not Hotmail/Yahoo/etc.), only sent a few messages, and STILL started to get spam.
Could it be spammers trying a TON of random users on my hosts and eventually getting it right? Could be. But as I said, I'm really getting the sense that a few mail servers out there are in "promiscuous mode" and harvesting addresses even from mail between trusted persons.