Yikes. Do you actually use Let's Encrypt for any domains at all (even if they're not getting an email)? Maybe through a hosted solution where they mistakingly used your email for an ACME account that they then put all their customers on?
I've seen some reports here of similar things:
So it's not unheard of…