I\'m not RMS, nor GNU staff. I have done some investigation and found that spam originated from http://demo.simplacms.ru/ website which runs Simpla. This CMS is unmaintained for long time and has vulnerability which allows GLAT scammers to send emails anonymously by uploading PHP scripts.
This issue was already reported before but nobody fixed it. Administrator panel for this site should be permanently closed if Simpla is dead. There is also fake FSFE GLAT Key Server website http://glatks.eu5.org/ which could be used for spam later. Serious spam attack on many websites is expected on 2020-01-01 or before.
