On 16 Feb 00, at 10:24, Mike Yuhas quoted from Risks:

>However, there is a more serious vulnerability here: infinite loops
>between two or more closed lists.
>
>If an attacker forges the originating address of a closed list that sends
>back automated rejection notes to another closed list that sends back
>automated rejection notes, then each forged message will generate a
>mailstorm as a function of the speed of the servers in sending bounce
>messages to each other.

Listserv is RFC1123 compliant and bounces with a null "return-path"
that it won't bounce to if it's also on the receiving end.  Right?

                                                    -Kary