I'm not sure what you expect Plusnet to do. The only possible action I can think of would be to block all emails to your domain.

...which we can quite easily do now, if you wish. Bear in mind you can still register a free .uk domain, use this to collect your mail and turn off all email to your username.plus.com account.
Hope this helps,

I had exactly the same thing happen to me some months ago, from one of my domain names not hosted by PlusNet.
It had never received spam before, then all of a sudden it started getting a barrage of delivery failure reports. Didn't get actual spam though - just the failures.
Started getting about 250 in the space of an hour, I was using just a single mailbox with a catch-all (well it wasn't a problem before), so to get round it I moved the <usedalias>@domain.com into a separate mailbox, and put the catch-all <everythingelse>@domain.com into a different one which I'd check occasionally and trash.
I think they just determine whether a domain is active (or in your case username) and start using that. Not at all difficult to do on the internet.
They do seem to move onto other domains though, this one went from about 250 per hour at the peak, and checking now it's only received 48 in the past 2-3 weeks.
I would recommend turning off catch-all and only having specific mailboxes for the aliases you use. This of course doesn't help much if the spam is going to those aliases as well, but often that is not the case.

Hesitantly I have turned the catch all off after 5000+ spam, I had been in the habit of using idtag@username.plus.com
This allowed me to see if anyone was distributing my e-mail address eg: sitename@username.plus.com
This often produced good results and let me track who was selling on mailing lists etc.
I know that SMTP authentication slows e-mail down but I think it would be worth while implementing. I use it on my own server with a good degree of sucess
MARK

And how would turning SMTP Authentication on at plusnet do anything? You are getting perfectly valid bounces. The fact is that the spammer has used your domain as the return address and that is why you are getting all the bounces.

Quote from: aetos

Hesitantly I have turned the catch all off after 5000+ spam, I had been in the habit of using idtag@username.plus.com This allowed me to see if anyone was distributing my e-mail address eg: sitename@username.plus.com This often produced good results and let me track who was selling on mailing lists etc. MARK

Hi,
You can still do this with the catch all off, by creating aliases for each site. It takes a little longer, but you can easily bin an alias if you start getting spam to it.