Tim Starling wrote:
They use duplicate message IDs, which I suppose is why they didn't appear in Gmane. Maybe it's a test of a new spamming strategy. I've long said that Mailman is laughably insecure and that it's only a matter of time before it's spammed to death, and that the only solution will be to evacuate to a web forum.
-- Tim Starling
It could be avoided by requiring a valid PGP signature* before sending to the list. Easy for mediawiki-announce, not so much for a list like mediawiki-l, where signed mail is the exception. Maybe a spf check would be enough for non-signed mail. If spam really break into mailing lists, then finally spammers will solve that old problem by forcing signed mail on everyone.
* Not any signature, but the one given for that email at subscription, obviously.