IIRC, earlier in the thread someone mentioned the possibility that someone could be using e-mail notifications to quickly redeem them, possibly even with a script that parses the codes from the e-mail and enters it on xbox.com.
The following line contains a regular expression that matches the format of how codes have been posted :
\S{5}[- ]\S{5}[- ]\S{5}[- ]\S{5}[- ]\S{5}
Match any 5 non-space characters, followed by a hyphen or space, another 5 non-space characters, another hyphen or space, another 5 non-space characters, another hyphen or space, another 5 non-space characters, another hyphen or space and finally another 5 non-space characters.
I copied the current page of the thread into a text file and wrote a simple Perl script that parsed the file with the above expression and it pulled out the codes. There were some false positives with avatar codes that had "male:" or "female:" before the codes, since the regex matched the 5 characters of "male:" and the first 4 fields of the code. Since there's no apparent penalty for submitting numerous bad / used codes on xbox.com, like a 15 minute lockout, there's no harm in an automated process trying to submit them.
Once the codes are parsed out, it wouldn't be difficult to have a script or program feed them to xbox.com. For non-alphanumeric placeholder characters, a script / program could try every possible combination (again, no penalty for bad / used codes).
So it's possible people trying to redeem codes aren't just racing other CAGs, they could be racing computers (which aren't going to post a thank you).