Someone sent mail privately asking for more information about the kind of problem described. The basic idea is that it's pretty trivial to send a message from an arbitrary email address -- I can send a message using someone else's email address in my "From:" header. Using this technique, someone then could issue commands to LISTSERV that appear to be from you. (We recommend Validate= Yes,Confirm for this reason; without validation turned on, someone could forge a "del listname *@*" from a listowner address and delete everyone from the mailing list.) So it's possible that someone could forge a "SIGNOFF" command from another user. By default LISTSERV does not require confirmation of SIGNOFF commands, so the command would be honored and the subscriber would be removed. This is true even with "Validate= Yes,Confirm". Most of the time this issue doesn't come up--people aren't normally malicious in this way. However, if it comes up, the solution is to use "Validate= All,Confirm", which will require that even SIGNOFF commands require validation. The discussion of the "Validate=" keyword in Appendix B of the Site Manager's Manual includes a handy chart showing which commands require validation for which values of "Validate=". Thanks, -- Jacob Haller, Technical Support, L-Soft international, Inc LISTSERV (R) is a registered trademark of L-Soft. Support is available 9:00-18:00 ET, Monday-Friday except on the following holidays: http://www.lsoft.com/products/default.asp?item=holidays