valhallen, I'm just replying on the fly here, so if I miss a point or make a false assumption, please feel free to deride me as I know you all will.

I don't necessarily see the usefullness in a self-referring script to keep the 'bot in a loop. That wastes your own resources, and as you pointed out, only generates extra traffic and uses cycles on what is probably a zombie the spammer has control of.

Mucking up their DB is an honorable goal, and as soda said the VRFY call will help a technically astute spammer (they have to be these days, to make any money at it) determine which addresses are valid. But the larger goal must always be to identify spammers and take the fight to them...either criminally, civilly (as in civil court action), or those two failing, 'physically' (hehe...not sure how to put that...but if your servers are identified as SPAM homes, you will be blocked, routed to /dev/null, dos'd, and probably hacked to oblivion, depending on who has the info.)

I'm a supporter of Project Honey Pot, which is a pretty cool take on the whole thing. They do something similar on a lowkey scale. Basically, you have a scripted page on your site...they support most active content languages...that is hidden, as valhallen described. No human-visible links to it or anything, just links hidden by div tags, comments, etc. When this page is accessed, it generates a unique email address...a VALID one...and then tracks messages that come from that address. They correlate the IP of the spambot and the (reported) source of the spam that arrives for that address. Very cool stuff. You can see their example of the script output here. As you can see, it's all very nice and legal looking.

I am not familiar with the practices or scripts valhallen described, but this one I've presented seems to be more effective.