I've seen one recent instance of this as well.
Mailman version - 2.1.11
From the log file:
Oct 06 08:14:21 2008 (25523) post to aauwnc-list from
noreply at myyearbook.com, sizew21,
message-id=<B7.79.09034.A5CF9E84 at smtp01.scs.myyearbook.com>, success
"noreply at myyearbook.com" is not a subscriber (!), and the the
"generic_nonmember_action" is set to "discard".
I sent a support request to MyYearbook.com (which does look like a
valid site -- though with loose rules on encouraging subscribers to
invite others), but haven't heard back.
The headers of the message that got through to the list didn't
include any reference to a subscriber to the list, but a message that
was delivered to my personal mailbox had a "Reply-To" header that
allowed me to track down the subscriber who probably inadvertently
spammed her entire address book with these messages. In other words,
the headers of the message I got outside of Mailman included:
From: myYearbook.com<noreply at myyearbook.com>
Subject: Is Barbara Your Friend? Please respond!!
x-mybid: bmFuY3lzaG9lbWFrZXJAbWluZHNwcmluZy5jb20To: <my personal address>
Content-type: text/html; charset=iso-8859-1
Reply-To: "Barbara" <a list subscriber's address>
I don't see the "Reply-To" header in the Mailman message (and,
indeed, the message that got through to the list has no way to tell
which Barbara sent it).
I believe this is the expected behavior for mismatched "reply-to" and
"From" headers. Is there any way that such a mismatch could be
considered a flag to be logged (so the real sender could be tracked
down) or to trigger moderation -- with exceptions for "reply to the
list" of course?