It was sent to info at my domain running RoundCube, which makes me think they might be scanning for instances.
Subject: Account Notice: Terms Update Required to Avoid Service Interruption
Date: Thu, 5 Feb 2026 20:31:12 +0100
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0B49_01DC96DE.5E1B0F10"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Windows Live Mail 16.4.3528.331
X-MimeOLE: Produced By Microsoft MimeOLE V16.4.3528.331
This is a multi-part message in MIME format.
------=_NextPart_000_0B49_01DC96DE.5E1B0F10
Content-Type: text/plain;
charset="windows-1251"
Content-Transfer-Encoding: quoted-printable
Important Notice About Your Account
Dear user,
If you do not accept the updated terms and conditions before February, 7, access to your Roundcube mailbox and related email services may be automatically suspended. After that date you may no longer be able to:
Send or receive emails Access contacts, calendar, or stored files
Use connected email apps (mobile clients, IMAP/POP3, etc.)
The acceptance process usually takes less than a minute.
Review and Accept Terms This message was sent by the Roundcube administration team. To stop receiving policy notifications, update your email preferences.
It contains a link to rdnundcube.com (#post_).
I've seen many some to domains with Roundcube and others without, I do think they pickup domains that are on cPanel more often though since Roundcube is the default webmail for cPanel.