On Wed, 17 Nov 1993 16:45:36 EST Jim Jones <[log in to unmask]> said: > PS - If your users are willing to twiddle their mail headers, or spoof > mail from the routed address, then they can remove themselves. But if > they are willing to go to all that trouble, they can spoof mail from > "maint", "postmaster" or the defined list owners and remove themselves > no matter how you have it setup. If you do have "Validate= All", this will not work because SIGNOFF requests will be forwarded to the list owner and subscribers won't know the list password, so spoofing the list owner will just result in a message asking to please specify the password. So this scheme will work for 1.7f, even though it's not very practical. In 1.8a however users are always able to sign off a list via cookie validation, so this will no longer work. On the other hand, this can be easily accomplished by coding a list exit which returns 1 at the DEL_FILTER point, after sending a suitable message. Eric