That message wasn't sent from vistomail.com, it was spoofed. Theymos checked the email's headers and figured it out. He also found a reddit post explaining how to do the spoofing by the apparent spoofer of the message. It was only possible because the mailing list was badly configured.
This is spoofed.
Received: from mail.vistomail.com (cpe-104-231-205-87.wi.res.rr.com
[104.231.205.87])
by smtp1.linuxfoundation.org (Postfix) with SMTP id 01BCADF
for <bitcoin-dev@lists.linuxfoundation.org>;
Thu, 10 Dec 2015 06:53:42 +0000 (UTC)
104.231.205.87 is not mail.vistomail.com. It's some residential IP, cpe-104-231-205-87.wi.res.rr.com.
I feel like the mailing list must be seriously misconfigured to allow this sort of spoofing... You could exploit this to send mail "from" any of the devs, for example.
I didn't check the headers, so I didn't notice this. That is very convincing that it is not Satoshi. But how can that domain name be spoofed? Does the sender set that name or is it done by the receiving server?
Here's apparently the person who sent it, explaining how he did it.In SMTP (the email protocol), you start your connection by saying who you are via a command like
HELO bitcointalk.org ("hello, I'm bitcointalk.org"). Most servers will then check that the IP address you're connecting from actually matches the hostname you give, and if not will immediately drop the connection. But the mailing list's server is apparently really stupid, and just blindly believes that any given hostname is actually accurate. So you could tell it
HELO whitehouse.gov and the server will believe that you're whitehouse.gov. Or whatever.
