Sounds like you had a fix. FWIW, editors and
list-owners are not moderated in many circumstances. Thus if one
spoofs the editor, then presumably it would be posted. Another
form of moderation is "self" -- list subscribers are challenged to
approve their own posting.
It may be that the spoofer will continue and you will need to
employ more drastic techniques: create new modertor email
addresses and .HH them from view. It is possible that the astute
spoofer esp. if they are also a subscriber, will be able to
interpret the distributed email for the APPROVED-BY header.
Or perhaps interpret email headers, assuming that the web POST
interface wasn't used e.g.,
Recently
we’ve found that spammers have been able to bypass our
moderation by spoofing the approval, if that’s the correct
terminology. When we changed the Send to...