On Jul 16, 2014, at 3:30 PM, m.roth at 5-cent.us wrote: > > Went back and looked at the full header... and sent a note to my hosting > provider, to see if they have a clue, and I'm wondering about a > man-in-the-middle attack. It *looks* to me as though it was resent, not > forwarded, from overstock.com as HTML email, too.... > > This just gets weirder. > Maybe someone who is on the list in that domain redirected the message in a funky way that ended up going back to the list? I know some MUAs can resend a message to a new destination as if that was the original target, with the original headers and an envelope sender based on the from header. — Mark Tinberg, System Administrator Division of Information Technology - Network Services University of Wisconsin - Madison mtinberg at wisc.edu