On Wed, 17 Nov 1993 16:45:36 EST Jim Jones <[log in to unmask]> said:
 
> PS - If your users are willing  to twiddle their mail headers, or spoof
> mail from the  routed address, then they can remove  themselves. But if
> they are willing  to go to all  that trouble, they can  spoof mail from
> "maint", "postmaster" or the defined  list owners and remove themselves
> no matter how you have it setup.
 
If  you do  have  "Validate= All",  this will  not  work because  SIGNOFF
requests will be  forwarded to the list owner and  subscribers won't know
the  list password,  so spoofing  the list  owner will  just result  in a
message asking to  please specify the password. So this  scheme will work
for 1.7f, even though it's not very practical.
 
In 1.8a  however users  are always  able to  sign off  a list  via cookie
validation, so this will  no longer work. On the other  hand, this can be
easily  accomplished  by coding  a  list  exit  which  returns 1  at  the
DEL_FILTER point, after sending a suitable message.
 
  Eric