Nick Simicich wrote, | The origin of the mail is set back to the user in the "From:" line or to | some odd variation of that user. | | My belief is that the end user is re-injecting the mail. The mail is going | to the end user, some sort of script is run and then, after minutes or | hours, the mail is reinjected.
About three or four years ago I saw the same thing happening on two lists running on eGroups (before it became Yahoo Groups). The messages were not redistributed but rather bounced because the list's Mailing-List: or X-Mailing-List: (whichever it was then) header was already present; however, the reinjecter had reset From_ to match From:, so they were bounced to their original authors. In both cases, the offender had a personal domain connected through the bouncing system and there was no member at an address in the bouncing system's domain. By running nslookup -q=any on the domains of all members, I helped both listowners find the culprits. One was probably malicious, the other may have been a stupid misconfiguration. All I can say is the obvious: kick the culprit off the list and reserve judgment about the provider unless there are future incidents from other members in that domain.
