I’ve (unfortunately) seen this happen a number of times as a byproduct of dumbasses failing to grasp the fact that desktop email clients aren’t great tools for email marketing, but never before seen it attached to out and out spam.
Rick Klau received a spam message yesterday. Not big news in and of itself, but here’s the twist: the spammer had compromised a mail server, set up his (or her) spam list as subscribers to a mailing list, and then sent the spam as a message to that list…with the reply-to address being the newsletter address.
See where this is going? Every reply to the original spam message then went out to the entire spam list. And then the replies to that reply went out to the entire spam list. And so on, and so on…
Read Rick’s original post for more amusement.