Distribution list is used for grouping users together, and emails can be sent to all members belonging to a DL.  In Exchange 2003, the default setting is that a DL accepts emails from any email addresses.  It can be configured to reject external email addresses and even internal addresses.  However, most users accept default configuration, and some DLs become susceptible to spam mails.

As a result, in Exchange 2007, DL is created to be secure by default.  External email addresses are NOT allowed to send an email to a newly created DL by default.  Of course, it can be loosened to allow mails from external email addresses to come in.

Configuration of existing DLs created by Exchange 2003 and prior is intact, though.  Admin should evaluate needs to allow emails flowing from external email addresses to DLs.  If they are not needed, they should be reconfigured to reduce spam.