Consider having your generated command email be "From:" the user involved, instead of the admin address.  Then the confirmation request will be sent to them, as I understand things.  This way, you will be protected from potential malicious people who might use your portal to apply changes "on behalf of" unsuspecting subscribers - the change won't take effect without some proof that the email address owner actually wants it - and you did say you want to protect security.

>>> [log in to unmask] 05/19/03 12:28PM >>>
 . . [snip]
So I wrotew an app in asp.net to use as the core of the routine which builds an email and sends it from me (the admin) and it works just fine.

Except I get an email asking me to confirm the change.
 . .  [snip]
I do not want to lose the control and lose the 'security' of the list, but it kind of defeats the purpose if I have to approve everything - might as well just make the change myself and be done with it.