I am a suscriber of a number of Wikimedia mailing lists, and I administer a handful of them. Over the last weeks I've seen a particular spam email being delivered to the mailing lists and not stopped by our SpamAssasin spam protection.
Given that the sender spoofs the sending address, the spam email is shown as sent by the very same list in which the message gets delivered. There's also no different address in the mail headers that could be used.
The spammer however always use the same email subject: Directorio Empresarial Mexicano 2019 and the contents of the email are also always the same.
I am proposing at https://gerrit.wikimedia.org/r/#/c/operations/puppet/+/488022/ a global ban for this subject, but maybe @Dzahn or @herron could come with a better solution.
Given that this spamming is targetting several Wikimedia mailing lists a centralized ban instead of a per-list approach would be preferred.