I hope it doesn't come as too much of a surprise that, yes, it is common practice to set REVIEW=OWNER, for various reasons, but especially as a spam deterrent. As I understand it, this still allows anyone to receive a list header upon a REV request (instead of the subscriber list itself) unless you also set CONFIDENTIAL=YES. At least I presume this hasn't changed with 1.8c (corrections welcome). I own some 25 lists, most of which are committees of a very limited membership (SUBSCRIPTION=BY_OWNER), and are thus set CONFIDENTIAL=YES. These are the lists where REVIEW=PRIVATE. The "public" (non-confidential) lists are set REVIEW=OWNER. Subscribers concerned with the availability of the subscriber list can get the list header to find out what the rules are. Nothing should be assumed across the board. Tradition to one list can be anathema to another. I don't know if this is only a recent tactic (it is in my experience), but I am now getting messages, submitted to my moderated lists, which pretend to be FROM: OWNER-LISTSERV@<myhostname>. While this didn't work as intended by the spammer, it is only a matter of time before they bother to retrieve the actual owner/editor addresses. This is another example of the kind of tactics listowners have to be proactively vigilant of. (Those with 1.8c have a nice way to handle this: SEND=EDITOR,HOLD,CONFIRM.) George Buckner Listowner, [log in to unmask]