On Jul 16, 2014, at 3:30 PM, m.roth@5-cent.us wrote:
Went back and looked at the full header... and sent a note to my hosting provider, to see if they have a clue, and I'm wondering about a man-in-the-middle attack. It *looks* to me as though it was resent, not forwarded, from overstock.com as HTML email, too....
This just gets weirder.
Maybe someone who is on the list in that domain redirected the message in a funky way that ended up going back to the list? I know some MUAs can resend a message to a new destination as if that was the original target, with the original headers and an envelope sender based on the from header.
— Mark Tinberg, System Administrator Division of Information Technology - Network Services University of Wisconsin - Madison mtinberg@wisc.edu