i got that same "bounce" message, and rather than it being an attempt to get my password, the spam message INCLUDED my 78-L password. that would seem to indicate that the 78-L list-serve has been hacked. david harvey