On Sun, 14 Jan 90 19:20:34 GMT Eric Thomas said:
>>I  think that  every  user has  the  right to  unsubscribe  from a  list
>>whenever he/she wants.
>
>It's not  a problem of  "right", but of not  being sure that  the command
>actually comes from you.  Given a 20 lines exec and a  few minutes, it is
>very easy  for a "smart"  user to REVIEW a  large and important  list and
>zzzap,  signoff everybody,  clean and  neat....
.
.
>  Eric
 
It IS a problem with "right". The situation today is that a user can join a
high-volume list without any hint that he/she will not be able to get off
that list alone. If the list owner is busy/away/hibernating/disconnected,
then the user will continue to receive that high volume of unwanted mail.
I find this particularly disturbing for lists which are open subscription.
I am not convinced of the need for this safeguard; there are so many things
that a pernicious hacker can do that I don't think that any hacker would
waste his/her "talents" on something with so little "thrill value". Still,
the more safeguards the better, as long as they are worth the bother.
So, I still think that postmasters should discourage the use of 'Validate=
All commands'. If it is used, I think that a message to that effect should
be included in $DEFAULT MAILFORM so that users will at least be warned
about this. Finally, I think that best solution is simply to use the user's
password for validation, i.e., when a user tries to subscribe to a
'Validate= All commands' list, the user is told that a password is required
(the usual password blurb). That way, users are protected from being
signed off by hackers. There is even an added safeguard: a hacker can not
sign me up for a list on a Listserv for which I already have a password.
 
David