On Sun, 14 Jan 90 19:20:34 GMT Eric Thomas said: >>I think that every user has the right to unsubscribe from a list >>whenever he/she wants. > >It's not a problem of "right", but of not being sure that the command >actually comes from you. Given a 20 lines exec and a few minutes, it is >very easy for a "smart" user to REVIEW a large and important list and >zzzap, signoff everybody, clean and neat.... . . > Eric It IS a problem with "right". The situation today is that a user can join a high-volume list without any hint that he/she will not be able to get off that list alone. If the list owner is busy/away/hibernating/disconnected, then the user will continue to receive that high volume of unwanted mail. I find this particularly disturbing for lists which are open subscription. I am not convinced of the need for this safeguard; there are so many things that a pernicious hacker can do that I don't think that any hacker would waste his/her "talents" on something with so little "thrill value". Still, the more safeguards the better, as long as they are worth the bother. So, I still think that postmasters should discourage the use of 'Validate= All commands'. If it is used, I think that a message to that effect should be included in $DEFAULT MAILFORM so that users will at least be warned about this. Finally, I think that best solution is simply to use the user's password for validation, i.e., when a user tries to subscribe to a 'Validate= All commands' list, the user is told that a password is required (the usual password blurb). That way, users are protected from being signed off by hackers. There is even an added safeguard: a hacker can not sign me up for a list on a Listserv for which I already have a password. David