Yesterday I received an email apparently from Stefano, most probably forged as it seems to contain a virus (and Stefano is having fun offline anyway, lucky him).
I also got another “message rejected” reply indicating my @apache.org address as the sender, but I didn’t send this message. Looks like someone is playing with @apache.org addresses, I don’t think there’s much that can be done about it technically.
Update: on the community@ list, someone mentions the Klez worm as a possible cause (see “email spoofing” down that page). Sounds like someone with @apache.org addresses in their address book has been infected by this. Long live Outlook ;-)