The respective mailserver likely checks which domains it is forwarding mails to, e.g. only allowing netbsd.org, or only allowing mails from localhost. In the more distant past, that wasn’t the case, so spammers would send their mails to the domain of such mail servers, who would blindly forward it to whatever domain is encoded after the percent sign in the local part. They’d effectively serve as an open mail relay then.