Peter Shute writes:
At least one member of our list has received an unexpected email from the list server requesting confirmation of unsubscription. It looks to me like someone has filled in this member's address on the unsubscription form on their behalf in an attempt to remove them from the list.
If it was the web form, there will be traces in the webserver log. As Mark points out, the POST data won't be there, but you may be able to correlate the webserver log with the origination time on the message received by the user.
There are other possibilities. The stock RFC 2369 headers provide a mailto link, for one. Somebody would have to use that deliberately, though. It's also possible personalize the list with an unsubscribe link, as this one does. Like this:
https://mail.python.org/mailman/options/mailman-users/pobox%40example.com
A similar link is usually to be found in the List-Unsubscribe header in received posts. The common parts of the two would make a good grep target in the webserver's log. (Often the footer link is customized to include the subscribed mailbox, while the List-Unsubscribe link goes to the listinfo page, or vice versa.)
If so, it is a common occurance that people either forward the mail or reply to it without trimming. In many MUAs the link will be quoted, but live, and people either accidentally click the link or intentionally click the link expecting to unsubscribe themselves.
Either way, if this is an isolated incident, I wouldn't worry about it, since it does occur reasonably frequently by accident.
Steve