just to demonstrate....
there are spammers that fake a legitimate From: address. Even though using
the same address as sender and recipient is an "interesting" special
case....
Harald, this is not the issue. Everybody knows that spam with fake but
legitimate from addresses abounds. For example, I routinely get bounces from
spam sent with my from address and so does, I suspect, anyone else who has a
widely known email address.
Similarly, the case of viruses sent from legitimate addresses found on some
infected system to other legitimate addresses, including list addresses, found
on that system, is known to be a common case. But virus scanning is a separate
concern for a variety of reasons.
At issue is whether or not spammers are attempting to get the stuff they mail
out through list subscription filters and onto lists by using addresses known
to be subscribers to those lists. This is the case that matters. It matters
because without it the amount of spam that actually gets through by other means
is negligable: The chances that a fake from address will happen to align with a
list subscriber are low.
Again, I have investigated the few cases I have encountered of messages getting
through to lists that appeared to be targetted this way. In all those cases
thus far the message was either a virus or it was a case of list
misconfiguration. The latter is, I suspect, a lot more common than you'd think.
And unless this really can be shown to be a problem I think the use of tools
like SpamAssassin without such a whitelist is at a minimum a suboptimal choice.
The rate of false positives is too high for comfort.
Again, don't let the best be the enemy of the good. I have wasted far more
time reading the Dan Bernstein list posting discussion than I would have
handling a few more pieces of spam.