That lessens the probable impact of the return traffic to a rough multiplier of 10. And given the time spread (my experiment yielded replies over 4 days), I don't know if this can be counted on to yield a denial-of-service attack. (I suppose it's possible the perp might be trying to spam penet in the original sense, by trying to overrun arbitrary limits in the server)
I was thinking about this as I thought about the combination of mail->news gateways such as anon.penet.fi and news autoresponders, and it stuck me that a denial of service attack could be based on including a *.test newsgroup in a Reply-To: header, causing the autoreplies to get posted back into the *.test groups. Some of the autoresponders seem to be set up to prevent this, others not. I don't know if anon.penet.fi is set up to prevent this sort of regurgitation. --Paul