Brad says that his company email looks to be compromised. Leo says it's more likely his email address has been "spoofed" by spammers, and it's really easy to falsify or spoof a reply email address. Sooner or later, they will move on to a new random return address. That's why everyone gets spam and even bounced back emails that don't work. So it's unlikely Brad's email address has been compromised, just spoofed. It could also be that people on the mailing list has been compromised through a "phishing" scam, where they click on a link that they shouldn't, and it's installed a bot or virus onto their computer. And there's really nothing that one can do other than encrypt the email.
One thing Brad can do is use PGP to digitally sign his email, and that any email people get that isn't digitally signed should be ignored.