Spam filters not applied to self-hosted site?

Developer help Self-hosting
1

The background is as follows:

  • Self-hosted Ghost site on Linux host (which is regularly updated). Ghost itself updated to latest versions as they become available (maybe not all patch updates, but definitely a good update cadence).
  • Using Mailgun for sending newsletter emails.
  • Spam domain block list as below. Compiled based on spam signups on my own site as well as recommendations here on the forum.
txt.bell.ca
tmomail.net
email.uscc.net
txt.bellmobility.ca
txt.att.net
vtext.com
mymetropcs.com
tmomail.net
mymetropcs.com
msg.telus.com
pcs.rogers.com
fido.ca

Now, when looking in the Mailgun dashboards and logs they show that emails have been sent to various recipients with domains listed in the block list, for example to “txt.bellmobility.ca” and others.
Not insane amounts, but definitely something I don’t want there.

The sent emails all have a subject of “:raising_hands: Complete your sign up to -blog name-”, so I guess someone (not the address’ owner, obviously) tried to sign up to the newsletter with that txt.bellmobility.ca address, then an email was sent to the poor person owning the address.

This is where I don’t get it.
I thought the blocked domains would prevent the above from happening, but maybe I misunderstood things.

Concrete questions:

  1. What does the blocked domains feature do, if not preventing the above scenario?
  2. What do the actors doing this hope to achieve? I don’t quite see what they have to gain. Hoping to get access to my server by probing email headers? Just being a pain?
  3. Does link tracking and open tracking (Mailgun features) open up for this happening? Those Mailgun features rewrite URLs in the sent emails, as I understand it.
  4. I would like to prevent sending any emails to these domains, but that’s not possible within Ghost. Idea for the future I guess. Tried to do it in Mailgun, but not possible there either, surprisingly (need to double check that - I really expect there to be an outgoing block feature there!)

As I have a pretty vanilla self-hosted setup I figure the above could be relevant and apply to others too.

Anyone got insights into this?