Rule 1 is that spammers don't use their real return email address. I think everyone on the planet except UCEPROTECT gets this concept. What spammers do is to take a whole list of targets and randomly pick two addresses at a time, one for the recipient and one for the bogus sender. So if you are being spammed, you can also know that others are receiving spam that looks like it came from your email addresss. You can also be sure that some percentage of undeliverable spam sent to your email server will have a forged address of a spam trap. Doom on you.
Suppose a spammer targets an address on your email that is invalid or "out of office" and the spammer uses a forged "sender" address of a UCEPROTECT spam trap? That's right, when the geniuses at UCEPROTECT get the bounced email back they decide your email server is guilty of "abuse" and they automatically blacklist you. What does this mean for people who use UCEPROTECT to filter their inbound email for spam? It means that really important email from your boss or your business partner is going to go to the great bit bucket in the sky. UCEPROTECT isn't about protecting you from spammers, it is about punishing server operators for using an email model that interferes with the UCEPROTECT business model. UCEPROTECT would love to give you a clean list of spammers, but they can't because of the kind of "blowback" noise that spammers generate. The only reasonable course of action for UCEPROTECT to take then was to list "abusive" companies in with spammers and give you a list of everybody they don't like. Reasons UCEPROTECT will place you and your business partners email servers on their blacklist are: