You may know that the continued viability of the spamgourmet service relies on an analog of the "dead man's switch":
1) it's (a lot) cheaper to "eat" (i.e. ignore) an incoming message than it is to forward it, and
2) each address, and therefore each account, naturally trends toward all email being eaten and not forwarded, so
3) therefore, the load on the system stays at the minimum necessary to provide the service that the users really want.
An abandoned address trends toward zero messages forwarded as it runs its count down and as the exclusive senders move domains and the match text becomes invalid. An abandoned spamgourmet account trends toward zero messages forwarded as its addresses trend toward zero and its trusted senders move on / change their domains, etc.
The *most* requested feature for spamgourmet is to allow for a disposable address to accept mail from all sources indefinitely until it is affirmatively disabled by the user. We have refused to implement this feature, knowing that it would bring an end to the service, as abandoned accounts/addresses built up to put a big load on the system. We'll keep refusing to add it as a feature - the last thing we want is for a statistically significant percentage of the >4million addresses to be pegged open indefinitely.
Now the "undocumented" part: At first, the exclusive and trusted sender matching didn't work for mailing lists that used the common approach of having multiple senders submitting messages to the same, say, majordomo list address. To work around this issue, we modified the code to match both the From and To addresses against the exclusive sender text. But when the exclusive sender text matched the disposable address itself, this had the unintended side effect of matching *every* message that was To: the address (not CC or BCC, btw), essentially pegging the address open. We decided to leave it at that, knowing that, without proper documentation (or maybe even with it), there was no way that a statistically significant percentage of the addresses would wind up in this state, but those users who *really* wanted to peg open addresses still could.
That's the story
BTW, your test with the @ sign isn't complete until you receive a message from the intended sender and it *doesn't* decrement the count - I have to admit, I haven't tested that approach. The exclusive sender uses function uses regular expression matching, and the @ sign usually needs to be escaped - I can't remember if that's handled automatically or not.