How can you see if you are a BCC recipient if you really are a BCC recipient? The nature of BCC is that it hides all the recipients of the message listed in the BCC field...
I've worked with distribution lists before in Outlook, and if I put all my recipients in the BCC field, and my own email/name in the To field, then no one but me can see who else the email was sent to...
Also, the spammer's email address in the To field could be the name of a distribution list... - thus hiding all of the emails that way...
There was a time when servers would try to bounce all failed email. (There was a time when you could more or less trust everyone on the net, or at least their system administrator.) Times have changed and the majority of email messages are spam.
Even when attempting to sent bounce messages there are conditions which prevent sending of the reply. These should mainly be problems with the originating domain.
The only safe time to bounce a message is before it has been accepted. Many servers accept all messages and only later verify whether they can deliver the message. Once the message has been accepted, it is likely the bounce will be sent to a domain that had their identity spoofed, and be considered back-scatter spam.
Another reason not to bounce messages, is to protect the list of valid email addresses. Bouncing message with no such user errors allows cleaning lists of potential email addresses. This simplifies targeted email campaigns which may be used for phishing.
Email that ranks significantly high on spam indicators is often just dropped. That is what happens to all the '419' scam messages I receive. Certain blacklists are considered reliable enough that your message may be just dropped.
Messages sent from a dynamic IP address is also likely to be dropped as the chances are well over 99% that it is spam. Sorry, there are a lot spambots out there on dynamic IP addresses. A static IP address with DNS passing reverse validation is likely to be valid.
Issues with delivery are best handled by working with your logs and their logs. You should be able to verify in your logs which server your message was delivered to. They should be able to verify from their logs what happened to your message.
There severs which will bounce your message back to you with various indications of the quality of your messages. For this to work you need to have incoming messages working. Then you can start working on outgoing messages.
I've posted somewhat extensively on Email. My article on Detecting Email Server Forgery lists some validation services. My original post on Running an Email Server is a bit of a rant as at the time I was dealing with a number misconfigured servers. Larger organizations are increasing applying policies contained in my http://www.systemajik.com/blog/email-policy/.
Best Answer
You've hit the nail right on the head there. Many virus's send spam from an address in the address book of the infected machine. Sending messages from a known person is good to con people into opening the virus and infecting another machine. 'Oh look, Puri has sent me some pictures'. Also, by using random users, rather than the email of the infected person prevents the infected machine from being easily identified.