While that is certainly possible, it is absolutely *not* required to see the behavior we're seeing. All that is required is for some infected computer to have available to the virus (in the address book, in "collected addresses", or -- for some viruses -- visible in some readable text file on disk) both the email address of a list subscriber, and the email address of the list itself.
Since this is the only place where the origin and target address of e-mail I received yesterday are together, I think someone in the list is infected.
Given how many victims of these viruses there are in the world, it doesn't take long for the random combination of "from" and "to" addresses to create something that appears to be (from the perspective of the mailing list) a posting from a subscriber.
It's pretty easy to detect most cases of this by examining all of the message headers of the messages you receive. For example, I run Mozilla (on Linux :-) to read my mail, and I just select View --> Headers --> All if I want to check. The chain of "Received" headers is usually pretty good evidence about what happened. At least until the viruses start doing their own SMTP sends, which some of the recent ones have started doing.
Craig (who gets ~500 spams per day, even though SpamAssassin intercepts another ~1000/day ... more training is in progress :-)
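The header check described in the message above, as an added example that is not part of the original post: it walks the "Received" chain oldest hop first and compares the first relay with the domain in "From". The sample message, its addresses, and the Postfix-style `from NAME (RDNS [IP]) by HOST` layout the pattern expects are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (documentation addresses, not a real capture).
SAMPLE = """\
Received: from mx.list.example (mx.list.example [192.0.2.10])
\tby mail.reader.example with ESMTP id A1; Tue, 02 Mar 2004 10:00:05 -0000
Received: from dsl-203-0-113-77.isp.example (unknown [203.0.113.77])
\tby mx.list.example with SMTP id B2; Tue, 02 Mar 2004 10:00:01 -0000
From: Subscriber <subscriber@member.example>
To: users@list.example
Subject: Re: your document

see attachment
"""

# Assumed layout: "from HELO (RDNS [IP]) by HOST"; other MTAs format this differently.
HOP = re.compile(r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+"
                 r"\[(?P<ip>[0-9A-Fa-f.:]+)\]\)\s+by\s+(?P<by>\S+)")

def received_chain(raw):
    """Return relay hops oldest first (each MTA prepends its own header)."""
    msg = message_from_string(raw)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        m = HOP.search(" ".join(value.split()))  # unfold continuation lines
        hops.append(m.groupdict() if m else {"unparsed": value})
    return hops

def check_origin(raw):
    """Compare the domain in From with the host that first handed the mail over."""
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    hops = received_chain(raw)
    first = hops[0] if hops else {}
    names = [first.get("helo", ""), first.get("rdns", "")]
    matches = any(n.lower() == domain or n.lower().endswith("." + domain)
                  for n in names if n)
    return {"from_domain": domain, "origin_host": first.get("helo"),
            "origin_ip": first.get("ip"), "origin_matches_from": matches}

if __name__ == "__main__":
    for hop in received_chain(SAMPLE):
        print(hop)
    print(check_origin(SAMPLE))
```

A mismatch is a hint rather than proof, since many senders relay through a provider under another domain, and only the "Received" lines added by servers you trust are reliable because earlier ones can be forged.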