Here are the relevant headers as I saw them from the list:
"""
Received: from benjamin.baylink.com ([127.0.0.1])
by localhost (benjamin.baylink.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id Rv7Ib4bfEtWx for <jra@baylink.com>;
Sun, 10 Feb 2013 19:55:34 -0500 (EST)
Received: from sc1.nanog.org (sc1.nanog.org [50.31.151.68])
by benjamin.baylink.com (Postfix) with ESMTPS id 280D91F0012A
for <jra@baylink.com>; Sun, 10 Feb 2013 19:55:34 -0500 (EST)
Received: from localhost ([::1] helo=sc1.nanog.org)
by sc1.nanog.org with esmtp (Exim 4.80 (FreeBSD))
(envelope-from <nanog-bounces@nanog.org>)
id 1U4hg5-0007zX-6D; Mon, 11 Feb 2013 00:55:25 +0000
Received: from smtp.mnginteractive.com ([63.147.64.243])
by sc1.nanog.org with esmtp (Exim 4.80 (FreeBSD))
(envelope-from <jra@baylink.com>) id 1U4hfD-00074r-27
for nanog@nanog.org; Mon, 11 Feb 2013 00:54:31 +0000
X-SBRS: None
X-HAT: Message received through Sender Group RELAYLIST,
Policy $RELAYED applied.
Received: from atglive19.medianewsgroup.com ([10.148.16.99])
by smtp.mnginteractive.com with ESMTP; 10 Feb 2013 18:02:46 -0700
Message-ID: <31513948.1360544065374.JavaMail.atgservice@atglive19.medianewsgroup.com>
"""
Unless I'm very much mistaken, I believe that last Received before the date
(combined with absence of the static IP of my mailserver) is evidence of an
envelope-level forgery.
If whomever is babysitting the list this quarter pings me direct, I'll
give them that static (assuming they can't already see it themselves),
and they can double check, but it doesn't look like it came through my
server; no appearances of nanog.org in my lots between 1720 and 1855EDT.
I note also that I can't see a message body either in the copies I got
from the list, or the ones I was forwarded.
Cheers,
-- jra