I know Pete can speak for himself but I underst that to mean that if mail should happen to get forwarded to [log in to unmask] from a person's e-mail address then the person will be removed. But as Hal said, this may interact with the Validate setting to help prevent that. So if some spam-bot happened to keep spewing spam From: the victim and To: the -unsubscribe-request address then that could cause repeated issues as well. Hal Keen wrote: >> Isn't it trivially easy for spam software to forge a FROM: and/or TO: > address? As you know, there are special listserv mail list aliases > (addresses) that perform this UNSUB function w/o any body of text. > > It is not hard to forge a From: address. Therefore, the Validate= keyword in > the list configuration ought to be checked. Signing off ought to require > confirmation, and that confirmation wouldn't happen if the request was sent > with a forged From: address. > > [ I don't understand the notion of forging a To: address, except on a > forwarded copy. One can certainly send a message with the actual recipient > on the Bcc: header line, but that's not "forging" anything. ] > > Hal Keen >