7022 SPAM Email Suspicious Hacked Distribution List?

  • kPate
  • Topic Author
  • New Member
  • Thanks: 0

9 years 5 months ago
#58707
Late on the evening of September 29 I received an email from myself, and my fellow Toastmaster received another odd message which looked like a phishing spam email: "Have I got something great - check it out - click here", etc. When I look at the Distribution List it is almost all Toastmasters and a few strangers. I cannot tell exactly which email the hackers got into but I sense it might be through Toastmasters. Have you had any other issues noted about this?
Thanks
Kathleen Pate
The topic has been locked.
  • Brian
  • Administrator
  • Posts: 11388
  • Thanks: 3729

Re: 7022 SPAM Email Suspicious Hacked Distribution List?

9 years 5 months ago
#58708
Can you post the email header so we can have a look at it?
Thank you,

Brian McDonald DTM
Silver and Wiser Online Toastmasters Club #777940

Technical Support Consultant for FreeToastHost
  • kPate
  • Topic Author
  • New Member
  • Thanks: 0

Re: 7022 SPAM Email Suspicious Hacked Distribution List?

9 years 5 months ago - 9 years 5 months ago
#58709
Return-Path: lenmarf@shaw.ca
Received: from mi05-ssvc.dcs.int.inet (LHLO mi05.dcs.int.inet)
(10.0.141.210) by cds074.dcs.int.inet with LMTP; Thu, 29 Sep 2016 22:02:31
-0600 (MDT)
Received: from p3nlsmtpcp01-01.prod.phx3.secureserver.net ([184.168.200.138])
by cmsmtp with SMTP
id pp1pbR87df4LLpp1qbngwf; Thu, 29 Sep 2016 22:02:31 -0600
Received: from p3plcpnl0110.prod.phx3.secureserver.net ([184.168.200.74])
by : HOSTING RELAY : with SMTP
id pp0qb8u7RQgkHpp0qbMUKC; Thu, 29 Sep 2016 21:01:28 -0700
Received: from [109.230.113.75] (port=46620 helo=ugszd.com)
by p3plcpnl0110.prod.phx3.secureserver.net with esmtpsa (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256)
(Exim 4.87)
(envelope-from <lenmarf@shaw.ca>)
id 1bpp0o-0003sj-H2; Thu, 29 Sep 2016 21:01:27 -0700
From: Kathleen Pate <lenmarf@shaw.ca>
To: *************************************************
Subject: something new
Date: RANDOM_Fri, 30 Sep 2016 07:01:12 +0300
Message-ID: <0000f06653e4$603f4e7a$65123330$@shaw.ca>
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_001B_01133563.7B8E2DF8"
Thread-Index: AdIZDKP/jiMcFsOJm5wFTDBX3ah+pQ==
Content-Language: en
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - p3plcpnl0110.prod.phx3.secureserver.net
X-AntiAbuse: Original Domain - shaw.ca
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - shaw.ca
X-Get-Message-Sender-Via: p3plcpnl0110.prod.phx3.secureserver.net: authenticated_id: info@wrightengineers.co.uk
X-Authenticated-Sender: p3plcpnl0110.prod.phx3.secureserver.net: info@wrightengineers.co.uk
X-Source:
X-Source-Args:
X-Source-Dir:
X-CMAE-Envelope: MS4wfFYlYirWtzsHPQKiKgsTVJ00Hys08Vuaxs8uPWi4xQCaRYWyg+gfLFrQ0msByPYjEYWM4l+ftVn+h080wwj2ZoZYhV+XrsY+LApLyLWLaSmkV6C9N/tc
MzMSDKmKk7bUkqv+hjdbJlI3ZJXbrG2CbcbWgPuyCLxWw2beSc1TfLNDUYP5Xt/kHZz93N+kOyplfzU2r6ndkOoRYF2Ob3cHCg2HLCiPkUMGUQKaSXerwwRK

This is a multipart message in MIME format.

=_NextPart_000_001B_01133563.7B8E2DF8
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

Hey,

I've come across that wonderful stuff recently and it seems to be something really new, please check it out < teach.familybudgetcoach.com/aezhe >

Yours truly, Kathleen Pate
Last edit: 9 years 5 months ago by Brian.
  • Brian
  • Administrator
  • Posts: 11388
  • Thanks: 3729

Re: 7022 SPAM Email Suspicious Hacked Distribution List?

9 years 5 months ago
#58710
1) This email was not sent through the FTH server:
Received: from mi05-ssvc.dcs.int.inet

2) This email was sent directly to the email addresses listed in the To: line. THE FTH MAILLIST DOES NOT SHOW AN INDIVIDUAL'S EMAIL ADDRESS.

3) This looks like the lenmarf@shaw.ca email address has been hacked or their PC hijacked.
Thank you,

Brian McDonald DTM
Silver and Wiser Online Toastmasters Club #777940

Technical Support Consultant for FreeToastHost
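
The header checks discussed in this thread, as an added example (not part of the original posts and not FreeToastHost code): it reads an abridged copy of the posted header, finds the first hop, and compares the From: domain with the account the relay recorded as authenticated. The hostname `listserver.example` is a hypothetical placeholder for a mailing-list server.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Abridged copy of the header posted in this thread; folded lines are re-indented
# so the parser joins them, and the To: line and unrelated headers are left out.
SAMPLE = """\
Return-Path: lenmarf@shaw.ca
Received: from p3plcpnl0110.prod.phx3.secureserver.net ([184.168.200.74])
 by : HOSTING RELAY : with SMTP
 id pp0qb8u7RQgkHpp0qbMUKC; Thu, 29 Sep 2016 21:01:28 -0700
Received: from [109.230.113.75] (port=46620 helo=ugszd.com)
 by p3plcpnl0110.prod.phx3.secureserver.net with esmtpsa
 (envelope-from <lenmarf@shaw.ca>)
 id 1bpp0o-0003sj-H2; Thu, 29 Sep 2016 21:01:27 -0700
From: Kathleen Pate <lenmarf@shaw.ca>
Subject: something new
X-Authenticated-Sender: p3plcpnl0110.prod.phx3.secureserver.net: info@wrightengineers.co.uk

(body omitted)
"""

def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def analyze(raw, list_server="listserver.example"):  # hypothetical list-server hostname
    msg = message_from_string(raw)
    hops = [" ".join(h.split()) for h in msg.get_all("Received", [])]
    # Each relay prepends its Received line, so the last one is the first hop.
    # Only trust it if the "by" host is a relay you recognise; lines below a
    # trusted hop can be forged by the sender.
    origin = hops[-1] if hops else ""
    ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", origin)
    helo = re.search(r"helo=([\w.-]+)", origin)
    from_domain = domain_of(parseaddr(msg.get("From", ""))[1])
    # The relay records the account that authenticated, after the last colon.
    auth = (msg.get("X-Authenticated-Sender") or "").rsplit(":", 1)[-1].strip()
    return {
        "from_domain": from_domain,
        "origin_ip": ip.group(1) if ip else None,
        "origin_helo": helo.group(1) if helo else None,
        "authenticated_as": auth or None,
        "auth_mismatch": bool(auth) and domain_of(auth) != from_domain,
        "via_list_server": any(list_server.lower() in h.lower() for h in hops),
    }

if __name__ == "__main__":
    for key, value in analyze(SAMPLE).items():
        print(f"{key}: {value}")
```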
  • kPate
  • Topic Author
  • New Member
  • Thanks: 0

Re: 7022 SPAM Email Suspicious Hacked Distribution List?

9 years 5 months ago
#58711
OK. Thank you.
I don't know that email. I'll let Shaw.ca know. Thanks for reminding me about the header. I forgot to look there.
Kathleen