At 10:29 01/28/2004 Wednesday, Brian Stoughton wrote:
 >Hi all.
 >
 >I'm seeing an issue where virus emails (subject line "Hi" etc...) are being
 >sent to some of our lists.  These lists are restricted so that only editors
 >or owners may send to the list, and they also require confirmation.  The
 >owners/editors are claiming that they have not received requests for
 >confirmation, and I don't see any evidence in the listserv logs that show
 >otherwise.  Any ideas?

As far as I have experienced:

1) spoofed FROM: field (appearing to come from a list or moderator)
bounces from some third-party and then the person receiving the bounce
thinks it was distributed via the list

2) the Approved-By: RFC822 [?] seems to be the "first" check in bypassing
moderation :-( and a faulty receiver MUA that reflects back to the list
will wreak havoc.