I worked on a Drupal site about 6 years ago, which has long since been decommissioned — as far as I know, the site isn’t running on any server anymore. However, I’m still regularly receiving security update email notifications for this site: the notifications seem to come from a number of different domains, and are sent to a number of different aliased addresses. I don’t remember setting up half of these domains.
I’ve just had to register with Drupal again, as I deleted my Drupal account thinking it would solve it.
Any idea what’s going on? Are these addresses on a global mailing list, where all those domains would also have been added?
Any help appreciated! Happy to provide some more details if someone is able to dig a bit deeper into this.