Tim Starling wrote:
They use duplicate message IDs, which I suppose is why
they didn't
appear in Gmane. Maybe it's a test of a new spamming strategy. I've
long said that Mailman is laughably insecure and that it's only a
matter of time before it's spammed to death, and that the only
solution will be to evacuate to a web forum.
-- Tim Starling
It could be avoided by requiring a valid PGP signature* before sending
to the list.
Easy for mediawiki-announce, not so much for a list like mediawiki-l,
where signed mail is the exception. Maybe a spf check would be enough
for non-signed mail.
If spam really break into mailing lists, then finally spammers will
solve that old problem by forcing signed mail on everyone.
* Not any signature, but the one given for that email at subscription,
obviously.