Stolen email list?

Stolen email list?

[Johnny Utahh]

I recently received email sent to my notmuch-based email address that 
was clearly spam. I suspect that notmuch@notmuchmail.org email-address 
list may have been stolen. If you're not already aware.

~Johnny

Re: Stolen email list?

[David Bremner]

Johnny Utahh <notmuchmail.org@johnnyutahh.com> writes:

> I recently received email sent to my notmuch-based email address that 
> was clearly spam. I suspect that notmuch@notmuchmail.org email-address 
> list may have been stolen. If you're not already aware.

I'm not aware of any such event. I've CC'd Carl, who runs the lists.

If you have e.g. message-ids of suspect messages, that would potentially
let others on the list check if they had also received them.

I suppose a motivated spammer could scrape the pipermail pages; the
obfuscation there is not exactly difficult to reverse.

d

Re: Stolen email list?

[Carl Worth]

[-- Attachment #1: Type: text/plain, Size: 669 bytes --]

On Thu, Mar 03 2016, David Bremner wrote:
> Johnny Utahh <notmuchmail.org@johnnyutahh.com> writes:
>
>> I recently received email sent to my notmuch-based email address that 
>> was clearly spam. I suspect that notmuch@notmuchmail.org email-address 
>> list may have been stolen. If you're not already aware.
>
> I'm not aware of any such event. I've CC'd Carl, who runs the lists.

I'm certainly not aware of anything either.

But I'd be happy to investigate anything I can, (if you have data to
point me to where to look).

In the meantime, if the list was leaked, are there any mitigating steps
you would recommend we perform at this point?

-Carl

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 818 bytes --]