It appears that overnight some spam was sent out that spoofed my email address and appeared to be a reply to a genuine (old) message on this mailing list. It appears some people are then hitting "Reply All" and so generating additional messages to the OAuth WG mailing list asking to be unsubscribed.
I've checked my own machines and there is no sign of any of them being compromised to send the emails, and there's no trace of any such email in my account's Sent folder - it seems to have been a straightforward email address spoofing. I've asked our IT department to double-check our DMARC/DKIM/SPF settings just to be sure. Based on the responses I've received, the only people who seemed to received the original spam messages (not the responses) all have "@sympatico.ca" addresses, so it might also be the case that this ISP is not validating incoming emails correctly. I have emailed the ISP to alert them to this, so hopefully the issue will be corrected soon if so. -- Neil _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
