Not really. Spoofing email is quite easy, but you may never encounter it maliciously - depends (mostly) on whether or not there is anyone out there who bears a grudge against your list population. On the other hand, depending on the technological awareness of your population, you may encounter it quite painfully if one or more of your subscribers allows a worm or virus to infect their computer. The recent Sobig outbreak was, for the site I administer, fairly selective. Lists where the subscribers are in the computing/technology business had few or no "hits" from incoming virus mail, but lists that include many people who use a computer but are not "computer types" had a lot of bothersome traffic. One particular infected machine was producing copies of Sobig at the rate of 6-10 messages per minute - and that's just the ones directed to my site, I have no idea how many it was sending to other places at the same time. So your plan to validate all subscribers and trust them to behave is, generally, fairly sound. But the only way, so far as I know, to really be sure your lists don't distribute one or another of the virus/worm annoyances out there, that generally spoof addresses, is to moderate the list. Activating the LISTSERV(tm) virus detection feature will help quite a bit, but that particular tool is only as good as the most recent signatures update so there is a window of opportunity for the next new bug that comes out - but this is true of every virus detection product on servers or desktops or whatever. >>> [log in to unmask] 09/07/03 01:12PM >>> In a message dated 9/5/2003 8:44:08 AM Central Daylight Time, [log in to unmask] writes: > At 17:31 09/04/2003 Thursday, John Mack wrote: > >I followed these instructions for a list that I moderate. It works > >fine. The only thing is I have to approve my own messages -- I haven't > >set my subscription options to NOREV. > > There is at least one advantage in keeping yourself in REVIEW mode -- it > makes it harder for someone (or thing, like broken bounce mechanisms) > from spoofing your submission address. > > /Pete > Folks Speaking strictly as an amature here, in order to attempt to prevent SPAM, we "confirm" every subscription. We do not "review" or moderate the messages. We assumed that those who were confirmed will not spam and no one can spoof onto our list. Of course, we cannot prevent an authorized subscriber from spamming, but as a group of high school alumni we didn't imagine anyone would spam our list and have their identiy be known as they did so. Aside from "trusting" our subscribers ::)) are these other assumptions correct? Stan