Hi folks: I have nothing more than a little knowledge and a suspicious nature to go on here, but I think that it is possible that the recent problems with "Mr ROK" subscriptions may have been made possible by a WWW cgi script that used to work but now appears non-operational: http://www.netspace.org/cgi-bin/lwgate The author of this page (program) is at Brown University. The IP address for the www.netscape.org system is at Brown University. When I looked at the page a month or so ago, it would only allow subscriptions to a selected list of lists but I would not be surprised if someone could discover a workaround to that or perhaps the program was altered to allow subscription to any list. The most scary part of the page was that it asked the user for their email address. Apart from errors caused by typing, this concept would also cause problems if people's From: line didn't appear like they thought it did. Additionally, it would also be possible to input *any* address, hence creating a really nifty spoofing utility. It seems natural to me that the cgi script would port the commands directly to the LISTSERV@BROWNVM, which is why I bring this whole thing up (someone said it all seemed to come from BROWN). The reason I looked at this page a while back is because I was thinking of doing something similar but was very concerned about the open window created by allowing the user to key in their own e-mail address. The solution I had arrived at was that a person would first have to send an e-mail message to a special bot address which would reply via e-mail with a password that the person would be asked for on the same form as their e-mail address. My logic was that if they sent mail from an account and subsequently received mail there (the password), it would be reasonably safe to reproduce their e-mail address as the From: line in a www-gatewayed message to a LISTSERV. I've done no work on this, so please don't ask for the code... I have just thought it as far through as that and some others I work with pointed out that another password wasn't a very elegant or easy answer either. I hope this helps and I *do* apologize to David Baker if he feels I've maligned his work on the LISTSERV gateway, but this seems a puzzle that few have ideas about so I hope you forgive my rambling. Cheers Mark Hunnibell Email: [log in to unmask] KIDLINK Gopher/WWW Coordinator http://www.connix.com/~markh