>         But aren't all non password protected actions through the web
> confirmed anyways?  Sure, if the person gets the password for the
> subscriber, then you can have a problem, mind you, you'd have to do a
> ``no-password'' on the validate also.  Trust me it is VERY annoying to
> have to confirm an unsubscribe.  Particularly if you are unsubscribing,
> and leaving for a while, and then you get back to find your mailbox full
> of mail you thought would stop with the unsubscribe request...

1: Don't forget LISTSERV's standard command interface - mail.  I can't
   remember the origins of this debate, but if you're validating confirm
   messages then you're also preventing me forging someone else's
   unsubscribe request by mail.

2: Why not "Set <listname> NOMAIL"?  That's what it's there for.

Have fun,

Paul