I was thinking about deploying some security.txt on our sites and your experience occurred to me, it is sort of like hanging a fishhook out there for all sorts of automated spamming.