Nick Simicich wrote,
| The origin of the mail is set back to the user in the "From:" line or to
| some odd variation of that user.
| My belief is that the end user is re-injecting the mail. The mail is going
| to the end user, some sort of script is run and then, after minutes or
| hours, the mail is reinjected.
About three or four years ago I saw the same thing happening on two lists
running on eGroups (before it became Yahoo Groups). The messages were not
redistributed but rather bounced because the list's Mailing-List: or
X-Mailing-List: (whichever it was then) header was already present; however,
the reinjecter had reset From_ to match From:, so they were bounced to their
original authors. In both cases, the offender had a personal domain connected
through the bouncing system and there was no member at an address in the
bouncing system's domain. By running nslookup -q=any on the domains of all
members, I helped both listowners find the culprits. One was probably
malicious, the other may have been a stupid misconfiguration.
All I can say is the obvious: kick the culprit off the list and reserve
judgment about the provider unless there are future incidents from other
members in that domain.