Pete Weiss wrote: > something generated a "bounce" report perhaps sending to a bogus to: that > made it appear that it came from the owner-listname. > > I have a bunch of bounces from FIRSTNAME@SOME_ISP that aren't subscribed. The MyDoom virus forges sender addresses using addresses it finds in files on the infected computer. It could have found 'owner-listname@listhost' in list message saved by the owner of the infected system, and used that as the forged return address on a virus carrier message which was sent to an invalid address. Result: a delivery error message to owner-listname for an address which is not subscribed to the list. The MyDoom virus also randomly generates both sender and recipient addresses using the following usernames, prepended to harvested domain names: adam, alex, alice, andrew, anna, bill, bob, brenda, brent, brian, claudia, dan, dave, david, debby, fred, george, helen, jack, james, jane, jerry, jim, jimmy, joe, john, jose, julie, kevin, leo, linda, maria, mary, matt, michael, mike, peter, ray, robert, sam, sandra, serg, smith, stan, steve, ted, tom -- Paul Russell Senior Systems Administrator University of Notre Dame