I mean, I do not have that many Google projects. Especially not Youtube projects. I have, like, eight?
But the DKIM/SPF on the email are valid, and the link is:
c.gle is the Google-controlled URL lengthener they use to track clicks and stuff, so it all looks legit. Except that they list a couple hundred project numbers.
Amusingly enough, it appears that none of the Cloud Console pages list these “project numbers” — you have to use the “shell”:
And indeed, that’s one of the project numbers listed in the email.
So… whoever generated this email just, er, did something wrong that added a gazillion other projects that have nothing to do with me? No wonder they want to audit me!
I’d also want to audit the person who has project number zero!
So… anybody know what’s going on?