[mailinatorguy]

It's my guess that Mailinator is extremely irrelevant to their plan.

They planned to propagate via BCC but they needed a "To:" address - preferably one that didn't bounce.

So they hit the "h" key awhile, then added @mailinator.com

[meowface]

Would it have made a difference if they made the "To:" a non-existent address? Would a bounce also prevent delivery to BCC recipients?

[AstralStorm]

Technically, they have to defeat greylisting and server validity checks anyway to get mails accepted to most modern mail servers.

[fastest963]

Why didn't they just send the email to the recipient? What does the BCC add in this context?

[thehappy]

BCC recipients can't see (or contact) each other to mitigate the spread. If you look at the source code, it BCCs 99 contacts from the infected account per message.