Beginning sometime around 03/08/2017 we have noticed some unusual behavior with some (not all) of our PayPal IPNs. PayPal seems to be rolling out some kind of changes, there are a few others reporting other things, like: QueryString values removed from the IPN endpoint by PayPal
It looks like there are multiple versions of PayPal's system sending the IPNs, some of them contain notify_version=3.8 and some contain notify_version=UNVERSIONED.
The main problem is IPNs from "3.8" have receiver_email, but ones from "UNVERSIONED" do not.
In some cases we receive duplicate IPNs at the same time, one is the "3.8" version and one is the "UNVERSIONED" version. It seems like both versions of PayPal are handling the same thing at the same time. The "3.8" version seems to always successfully confirm the IPN and the "UNVERSIONED" version seems to always respond with "INVALID".
Some users are reporting that PayPal is unencoding the value we send for return (the URL that comes after the checkout). For example, a URL like http://example.com/some%3Dvalue sometimes gets decoded to http://example.com/some=value which is not correct and leads to a 404.
I am aware PayPal is set to roll out new changes on 03/29, relating to stricter compliance with their data formats, but we have already verified we are in compliance with this and this is still a few weeks away.
After a few days, IPNs returned to normal without any changes. PayPal never responded to our support emails or acknowledged any issue.