Hi Ryan,
I can send along the email I have and see what you think. It could be that the server is fine and it's a spoof in the smtp transport to another osuosl server. But it looks like it routed through osuosl.
Best Regards, Martin Owens
On Mon, 2018-07-16 at 13:42 -0600, Ryan Gorley via Inkscape-devel wrote:
Pardon me if in looking at the headers you checked for this, but is it possible that someone is just spoofing the inkscape.org email address in a spam campaign? (That would be exposed by confirm the IP address is in fact our managed server)
As far as I can tell we don't have a DKIM, DMARC or SPF record configured on the domain. That would make a spoof at least more likely explanation for the bounced emails than a server breach, not to say that is in fact what the cause is.