What to do with replies to spam?

Almost a month ago I blogged about how much spam I receive. At that time it was around one spam email per 100 seconds (average over the previous month). Since then I've updated my crude spam rate tracker twice and I'm now receiving approximately one spam every 90 seconds. If you look at the numbers carefully you'll noticed that today's count was less for all mailboxes except one; N L AR, the catch-all address for lucion.com.ar. The spam count for that mailbox increased dramatically from about 1000 to almost 4000. Most interestingly, I received almost 150 automated replies to spam messages from unused @lucion.com.ar addresses:

screenshot of mailbox with many automated replies to spam emails from unused @lucion.com.ar addresses

It would seem that a spammer is targeting lucion.com.ar as both a fictitious from address for their outgoing spam, and a spam recipient. Why would lucion.com.ar be targeted? Does anyone know how to foil this targeted spam? Should I turn off catch-all? Set up SPF?

I've also started receiving comment spam on this blog. Probably average about 3 per day -- all of the same style; usinge BB-code, random letters as titles and usernames and probably from the same botnet (they're from many unrelated IPs). Since I'm running this on drupal 6 RC1 I haven't put up any anti-spam defenses other than having all comments moderated. I assume that most or all of the best anti-comment spam contrib modules have not yet been ported to drupal 6. Are there any?