--- /dev/null
+Return-Path: <cworth@cworth.org>\r
+X-Original-To: notmuch@notmuchmail.org\r
+Delivered-To: notmuch@notmuchmail.org\r
+Received: from localhost (localhost [127.0.0.1])\r
+ by arlo.cworth.org (Postfix) with ESMTP id 9EA206DE12F3\r
+ for <notmuch@notmuchmail.org>; Thu, 3 Mar 2016 12:28:49 -0800 (PST)\r
+X-Virus-Scanned: Debian amavisd-new at cworth.org\r
+X-Spam-Flag: NO\r
+X-Spam-Score: -9\r
+X-Spam-Level: \r
+X-Spam-Status: No, score=-9 tagged_above=-999 required=5 tests=[AM.WBL=-8,\r
+ ALL_TRUSTED=-1] autolearn=disabled\r
+Received: from arlo.cworth.org ([127.0.0.1])\r
+ by localhost (arlo.cworth.org [127.0.0.1]) (amavisd-new, port 10024)\r
+ with ESMTP id 04k37oopwLrK; Thu, 3 Mar 2016 12:28:47 -0800 (PST)\r
+Received: from wondoo.home.cworth.org (unknown [10.0.0.1])\r
+ (Authenticated sender: cworth)\r
+ by arlo.cworth.org (Postfix) with ESMTPSA id AE1AF6DE014A;\r
+ Thu, 3 Mar 2016 12:28:47 -0800 (PST)\r
+Received: from wondoo.home.cworth.org (localhost [IPv6:::1])\r
+ by wondoo.home.cworth.org (Postfix) with ESMTPS id 9FAB514C40F8;\r
+ Thu, 3 Mar 2016 12:28:47 -0800 (PST)\r
+To: David Bremner <david@tethera.net>,\r
+ Johnny Utahh <notmuchmail.org@johnnyutahh.com>, notmuch@notmuchmail.org\r
+Subject: Re: Stolen email list?\r
+In-Reply-To: <87k2ljwitf.fsf@tesseract.cs.unb.ca>\r
+References: <56D86143.6040205@johnnyutahh.com>\r
+ <87k2ljwitf.fsf@tesseract.cs.unb.ca>\r
+User-Agent: Notmuch/0.21 (http://notmuchmail.org) Emacs/24.5.1\r
+ (x86_64-pc-linux-gnu)\r
+Sender: cworth@cworth.org\r
+From: Carl Worth <cworth@cworth.org>\r
+Date: Thu, 03 Mar 2016 12:28:47 -0800\r
+Message-ID: <87a8mfs3uo.fsf@wondoo.home.cworth.org>\r
+MIME-Version: 1.0\r
+Content-Type: multipart/signed; boundary="=-=-=";\r
+ micalg=pgp-sha512; protocol="application/pgp-signature"\r
+X-BeenThere: notmuch@notmuchmail.org\r
+X-Mailman-Version: 2.1.20\r
+Precedence: list\r
+List-Id: "Use and development of the notmuch mail system."\r
+ <notmuch.notmuchmail.org>\r
+List-Unsubscribe: <https://notmuchmail.org/mailman/options/notmuch>,\r
+ <mailto:notmuch-request@notmuchmail.org?subject=unsubscribe>\r
+List-Archive: <http://notmuchmail.org/pipermail/notmuch/>\r
+List-Post: <mailto:notmuch@notmuchmail.org>\r
+List-Help: <mailto:notmuch-request@notmuchmail.org?subject=help>\r
+List-Subscribe: <https://notmuchmail.org/mailman/listinfo/notmuch>,\r
+ <mailto:notmuch-request@notmuchmail.org?subject=subscribe>\r
+X-List-Received-Date: Thu, 03 Mar 2016 20:28:49 -0000\r
+\r
+--=-=-=\r
+Content-Type: text/plain\r
+Content-Transfer-Encoding: quoted-printable\r
+\r
+On Thu, Mar 03 2016, David Bremner wrote:\r
+> Johnny Utahh <notmuchmail.org@johnnyutahh.com> writes:\r
+>\r
+>> I recently received email sent to my notmuch-based email address that=20\r
+>> was clearly spam. I suspect that notmuch@notmuchmail.org email-address=20\r
+>> list may have been stolen. If you're not already aware.\r
+>\r
+> I'm not aware of any such event. I've CC'd Carl, who runs the lists.\r
+\r
+I'm certainly not aware of anything either.\r
+\r
+But I'd be happy to investigate anything I can, (if you have data to\r
+point me to where to look).\r
+\r
+In the meantime, if the list was leaked, are there any mitigating steps\r
+you would recommend we perform at this point?\r
+\r
+=2DCarl\r
+\r
+--=-=-=\r
+Content-Type: application/pgp-signature; name="signature.asc"\r
+\r
+-----BEGIN PGP SIGNATURE-----\r
+Version: GnuPG v1\r
+\r
+iQIcBAEBCgAGBQJW2J5/AAoJEGACM7qeVNxhTkMP/0y68L6rQ4s8rP5Wm0j+WuI4\r
+n04EMtQnlpH5WE+4VH1dE7IIgDhH//66s0vV4NCj+RvVh380CZl0g7Gq/+wR36XY\r
+JHNIpnLKxIkyERXU3cEgdVF8m6kTAF3NAfA4Iu3gpWDDHFU7pVbUz+c4GGjBCoel\r
+9tgr+BJZtgMvd08w8J6G2z6et0HNV97mCauWfx1ku3cT0BaOV8X0irXTGU8I1i4C\r
+uviv/kk16l0xBNRjJVFgcVEtvgLvFylV8WF8sEcUCXgNZ12Mz+oa3cPDh3LfF383\r
+QWGIXGpe/fZXvIwQv/s5yUbYWko52VEWVkbSqLQNSe4r7CAUzu6RL3B9+0m7UE0S\r
+BLJljEgStIjH3ZRQtIhEq4+zund/AxIVnAsoWmkoF6n98Q2m6Z5j66Wv3F7UUget\r
+DYWHuHD9AoThOIs5OtHKTDKkW4sd6YEFsjXgTGyPBiM0x6a+b9ubdVZnB/RlfPPG\r
+VufXsNd98PCmvtTcKk9ONiMQNRmYikWAkcs7V/5hDcdZ1Tx56DPZxchPH2EX1Edo\r
+l5jSqb1F+xX4myKppIq2JZXvR8QJzipd0WAKo/t+5N9ick8hf0PXMEycZpRTkE2H\r
+7bjp9Df77Xu0WV/YIA+peY+CHCuLMS30fOy/+rTrfE5gCUQoQ868/mqc15Nj+WCo\r
+ComU1taYm1Dg6qM7dGIv\r
+=bIHc\r
+-----END PGP SIGNATURE-----\r
+--=-=-=--\r