When a LISTSERV server receives a command message containing multiple commands for local execution, or any command(s) which must be forwarded to another LISTSERV server for execution, the server should send a special confirmation request to the apparent sender to verify the origin of the message. If the confirmation response is not received within some specified time period, the entire request would be discarded. The threshhold number of commands which trigger this confirmation request should be configurable by the site administrator. This confirmation request would precede, not replace, any confirmation requests which would normally be issued for the individual commands in the message. There should be an override mechanism to allow the site administrator to prevent the issuance of the confirmation request for individual messages, so that site administrators using automated procedures to submit mass commands may continue to do so. The LISTSERV network has experienced several incidents in which malicious individuals used forged email to send a single message containing multiple subscribe, signoff, info, or query commands in order to cause one or more LISTSERV servers to mail bomb the individual whose return address was forged. The requested change will significantly reduce the vulnerability of the LISTSERV network and individual LISTSERV servers to exploitation in this manner. -- Paul Russell Senior Systems Administrator University of Notre Dame