I recieve dozens of Expiration Notice email every day for seemingly random (but all dutch) domains.
The sender is email@example.com, so I guess this is coming from the legit Let's Encrypt email address.
I would be very surprised if all these hundreds of companies know my email and use it for Let's Encrypt.
My spam box currently counts more than 800 Expiration Notice emails, and I have deleted more in the past, so I've gotten well over 1000 of these emails
This is on my old email address, but still quite annoying since I do still use it for some things.
Yikes. Do you actually use Let's Encrypt for any domains at all (even if they're not getting an email)? Maybe through a hosted solution where they mistakingly used your email for an ACME account that they then put all their customers on?
Hmm. Well, you should be able to use the unsubscribe link at the bottom of any of them to remove your email address from Let's Encrypt's mailing list, as long as you're okay with not getting any "legitimate" renewal reminders for any domains you own with that email address that you may use Let's Encrypt with. But that, of course, doesn't answer how your email got put onto a highly-used ACME account in the first place…
It's not uncommon for a Let's Encrypt subscriber to enter the wrong e-mail address. When this happens, it does not grant that e-mail address' owner access to manage the subscriber's certificates, or vice versa. Because of this, it's safe to ignore misdirected notification e-mails from Let's Encrypt.
If you like, you may use the unsubscribe link near the end of the message, although please be aware that this would unsubscribe your e-mail address from any future Let's Encrypt notifications.
We've observed occasional bugs in ACME clients that lead to one user on (for example) a shared Web hosting server being registered to receive renewal notifications for every other domain on that server. This could happen in combination with someone entering the wrong e-mail address, too.
Hmmm interesting. When I do a whois lookup on that IP i see a lot of NL-STICHTING-DIGI-NL. When I googled this Vimexx came up. I have hosted at vimexx before, and some of my domains are still registered there. The hosting was a generic directadmin hosting (using let's encrypt I guess. )