> Isn't it trivially easy for spam software to forge a FROM: and/or TO: address? As you know, there are special listserv mail list aliases (addresses) that perform this UNSUB function w/o any body of text. It is not hard to forge a From: address. Therefore, the Validate= keyword in the list configuration ought to be checked. Signing off ought to require confirmation, and that confirmation wouldn't happen if the request was sent with a forged From: address. [ I don't understand the notion of forging a To: address, except on a forwarded copy. One can certainly send a message with the actual recipient on the Bcc: header line, but that's not "forging" anything. ] Hal Keen