On Mon, 6 Aug 2018 at 19:31, MRAB <pyt...@mrabarnett.plus.com> wrote: > > https://pypi.us18.list-manage.com/track/[snip] > If you want to be sure, ignore the links in the email, and check PyPI at > the URL that you know is correct. > > Given that the email says "https://pypi.us18.list-manage.com" and PyPI > is at "https://pypi.org/", it does look suspicious. > -- > https://mail.python.org/mailman/listinfo/python-list
Those e-mails are legitimate. See [1] and [2]. The unusual domain is a common staple of Mailchimp, which is an e-mail newsletter platform (it was used to mail out the announcement), and they replace all links with tracking ones in their list-manage.com domain. (They also implement the GDPR in an anti-user/pro-spam fashion, but I digress.) [1]: https://status.python.org/incidents/nk7cyn2vh4wr [2]: https://github.com/pypa/warehouse/issues/3632 -- Chris Warrick <https://chriswarrick.com/> PGP: 5EAAEA16 -- https://mail.python.org/mailman/listinfo/python-list