The way I understand it, the Validate= keyword is the first line of defense. The PW= keyword is used for non-critical commands. This makes for totally secure administration, because important system functions have to be confirmed to be executed. That means that if Joe Hack Guy sends a GET listname (HEADer using a forged email account the OK confirmation will go to the account he tried to forge.... However, if you're using the web interface and he has your login and password then you may be at risk. Hope this helps. Please set me straight if I'm off base here folks.... Yours, Adam Audette At 05:14 PM 6/8/00 -0700, you wrote: >Hi there, >We are running List Serv 1.08d. If a password becomes known, is it >possible >for an outsider to do anything to the lists or the List Serv if >they are not >an owner of a list? >Thanks, > >Laura John (425)703-0460 >Group Program Manager >MSNBC.com >http://www.msnbc.com