
5-6-03 Tunneling Virus

A virus tried and failed to get through to the newsletter yesterday, but everyone got the "de-fanged" message (after the virus had been removed) anyway. We think we've fixed it and it shouldn't happen again, since we now have the highest level of moderation for MailMan turned on for that list ("Emergency moderation").

My apologies for the annoyance. Evan (my server guy) explains what happened:

We had the list configured to allow posting from Bruce's email address without any moderation. Any posts to the list from that address would be sent out to all of the members on the list immediately, whether that post was actually from Bruce or not.

Unfortunately, this aligns itself perfectly with the current strains of viruses which send themselves to random addresses in the address books of infected hosts, and also make themselves appear to be from random addresses from those same address books. Also, it seems that a virus managed to get lucky and find someone subscribed to the list, and it also by chance picked the exact "From" and "To" addresses to cause almost the worst damage.

I had thought the chance of someone on the list doing this maliciously was extremely small, since Bruce attracts a reasonably literate following, and malicious attacks like this would normally be the province of Script Kiddies. I also did not consider the possibility of a virus doing just this to be plausible, either. I seem to have been mistaken.

The list is now configured to have all posts, even those from Bruce, be moderated, meaning that even he will be required to approve any post he makes by hand as well. This will prevent this sort of spoof attack.
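
The configuration change described above, as an added example that is not part of the original post and is not the list server's own code. The policy function, its parameter names, the addresses and both sample messages are constructed for illustration; the point is that the `From:` header is supplied by whoever sends the message, so an allowlist keyed on it treats a forged post exactly like a genuine one.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample data: addresses and messages are invented for illustration.
OWNER = "owner@list.example"

GENUINE = """\
From: List Owner <owner@list.example>
To: newsletter@list.example
Subject: May newsletter

Seminar dates are posted.
"""

# Same header From, but sent from a subscriber's infected machine.
SPOOFED = """\
From: owner@list.example
To: newsletter@list.example
Subject: Re: details

See the attached file.
"""

def header_sender(raw):
    """Return the lower-cased address from the From: header (sender-supplied)."""
    return parseaddr(message_from_string(raw).get("From", ""))[1].lower()

def decide(raw, trusted_senders=frozenset(), hold_all=False):
    """Hypothetical list policy: 'distribute' or 'hold' for moderator approval."""
    if hold_all:
        return "hold"          # every post waits for manual approval
    if header_sender(raw) in trusted_senders:
        return "distribute"    # trust rests only on a forgeable header
    return "hold"

def compare(raw):
    """Outcome under the original and the corrected configuration."""
    return {
        "from_allowlist": decide(raw, trusted_senders={OWNER}),
        "hold_all": decide(raw, hold_all=True),
    }

if __name__ == "__main__":
    for name, raw in (("genuine", GENUINE), ("spoofed", SPOOFED)):
        print(name, header_sender(raw), compare(raw))
```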

©2003 MindView, Inc.