I maintain a rather large mailing list for the company I work for. Recently we've been using an open source mailer system with manual list maintenance. The reply-to address and the message envelope address are different, and they have never been published publicly on the Internet.
But man... do these unpublished addresses get a lot of spam.
I think, probably, the biggest source of this spam is mailing list subscribers who's computers have been compromised by some flavor of malware, spyware or virus. The rouge software is harvesting email addresses from address books and visited web sites. The program runs in the background and sends out a whack of spam for as long as your computer is on and connected to the Internet.
The spam these compromised computers are sending is getting hard and harder to filter increasingly stealing bandwidth to carry it's payload. Most recently, PDF attachments.
Do yourself, and the rest of the world a favor; be sure your computer isn't part of the problem by installing a trusted anti virus program such as Avast (http://www.avast.com). Avast is free for personal home use. There's no good reason (other than Linux or Apple OS) to have a personal computer unprotected.
