From our home we run a very popular website with a .com address, and this has been a major annoyance for us. I think the record was 8,000 delivery reports on one occasion - and that was in the days of dialup, so it cost us on phone bills as well as blood-pressure.
It's sobering to reallise that for each 1,000 failed delivery reports, the spammer probably sent many time more that that number to valid addresses, delivered to innocent people who may well think the mail came from yours or my domain name. I''ve sometimes worried that could cause my .com domain name to be blacklisted by spam-filters but, thankfully, it doesn't seem to happen.
We've dealt with it by configuring filtering rules that delete ALL delivery ports. The inconvenience of not seeing valid delivery reports is outweighed by the advantage of getting rid of 1,000s of unwanted messages.