UPDATED 8:10 PM EST, November 21, 2023. Sorry, I misread the mail headers. I’m out of practice.

UPDATE 2, 4:48 PM EST, November 22, 2023. Got a statement from the MIT FSA. See my new post.

Yesterday I received an odd email purporting to be from the MIT Free Speech Alliance, but attacking it. The headers in the mail seem to say it originated from the usual source, suggesting that either an insider sent an unauthorized message or the account’s security was compromised. CORRECTION: The message comes from a Yahoo account unrelated to the usual sending account. Even so, the sender was able to get hold of at least some of the addresses on the organization’s mailing list. The mail said “Ask them to remove your name from the MFSA membership list they claim to represent as they advocate to destroy the diversity that helps make MIT the great world-class institution it is today.”

I’m trying to figure out what happened, and I’ll provide more information when I have it. Meanwhile, treat any email you receive from mit_freespeech@yahoo.com with caution. Note that that is not the address from which legitimate MIT Free Speech Alliance emails come. The situation suggests that even if the mail server wasn’t compromised, a malicious party got hold of all or part of the list of subscribed addresses and could make further use of it.