A quick check of some of my list's headers suggests the spammers are not
bypassing moderation. Rather, they are overriding it.

I have some sub-lists with the (probably unusual) characteristic that lots
of my main-list subscribers need to send contributions to them, but
relatively few actually subscribe to the sub-lists. (They prefer to wait for
summaries of these contributions, which are compiled and posted by sub-list
subscribers.)

I grant the whole main list editor privileges to the sub-list, so they can
send to it freely. I've just checked headers, and when they send to the
sub-list, there's no "Approved-By:" entry in the message header, because the
message was never queued for anyone's approval.

Comparing this to Jay's case, I think it must mean that someone is, somehow,
approving the spam while it's queued for moderation. If they're the sender,
or in cahoots with the sender, they can control the timing, so they approve
it before he sees it on the queue.

As I mentioned earlier, the "Approved-By:" header entry can report the
address of the person the list server EXPECTED to approve it, rather than
the person who actually did so. So someone with system privileges that
supersede Jay's might do so--an inside job.

But another likely scenario is a spammer who has somehow obtained Jay's
password and is impersonating Jay.

I've just been reading the keyword guide section on Send=. Jay, do you
normally use the "OK" mechanism for approvals? And were you aware that
logging into the Web interface allows a moderator to approve messages
without having to match a confirmation number?

And do you see approval requests for the spam messages, before the "ghost"
approves them and they are distributed to your list?

Hal Keen


############################

To unsubscribe from the LSTOWN-L list:
write to: mailto:[log in to unmask]
or click the following link:
http://peach.ease.lsoft.com/scripts/wa-PEACH.exe?SUBED1=LSTOWN-L&A=1