Several points.

1. It wasn't just NANOG. A number of other mailing lists were targeted. Whether or not all these attacks were launched by the same entity is unknown and probably unknowable.

2. The admins@nanog.org address appears to be unresponsive. Is there actually anyone reading that? If so, who? And why aren't replies being issued in a timely manner?

3. Mailman includes an "emergency moderation" switch for just such occasions as this. When activated, it holds all incoming mailing list traffic for human attention, i.e., nothing goes out unless manually approved. It would have been a good idea to throw that switch as soon as this started, in order to minimize the consequences.

4. As noted, if outbound traffic is already in the MTA queue, then it should be halted and manually cleaned out. This is often annoying and tedious, but it's better than letting it flush.

5. The admins should probably reach out to the keepers of the most-often utilized MX's for NANOG message delivery, as no doubt the onslaught of spam caused degradation of their idea of the sending system's/domain's spam/non-spam traffic mix. (I say that knowing that some or possibly most of those will be impossible to contact: it seems that many people running mail servers failed the first hour of the first day of Email Administration 101 and do not read their postmaster mail and act on it.)

6. There are additional pro-active and reactive steps that can be taken to forestall future such incidents or at least to mitigate them. I've reached out (again) offering to bring my expertise to bear on the problem. None of these steps will be panaceas. None of them will give guarantees. But in combination they should at least help decrease the pain.

---rsk