Hi Hans-Martin,
looks like someone on this list had their PC and/or mailbox hacked, I got a "reply" to one of my mails trying to make me open some link (probably malware). This stuff is pretty common, but it feels a bit weird that it happened through someone who's active in anti-abuse and presumably not a noob :-)
I received a similar message on Monday supposedly ‘in reply to’ a message I sent to the list nearly two years ago. It may not be a list subscriber’s mailbox that has been hacked, it may just be using a public archive of the list. Whilst the “real name” in the From: field was indeed the person I was replying to at the time (Suresh), the sender’s email address did not match the name. In my case the spam message originated from:
Received: from beatingart.com ([62.113.107.99])
The sending IP address matches the SPF record for beatingart.com and from a quick check doesn’t seem to be on the major block lists, so it could well be a user in that domain has been compromised via phishing or some other means… I must admit I had just deleted the message at the time, but perhaps worth following up with <abuse@ionos.com>, assuming your message matches the details of mine. Cheers, Rob