Declan McCullagh [mailto:declan@well.com] wrote:

Better yet, give anyone on the mailing list a veto over their new membership. Send a cookie to the address that was signed up, and an anti-cookie. If anyone returns the anti-cookie, in effect saying "we don't want to be part of your blasted service," put them on a list of do-not-contact people for half a year or so.

An anti-cookie, I like it. LISTSERV provides a cookie and makes you type "ok" in the body. Making that "ok" or "cancel" and keeping the cookie active for a day or so seems like it would be a really simple modification. One "cancel" of course is over-riding and final. Similarly for majordomo and other custom acknowledgement schemes. Matt -----Original Message----- From: Matthew James Gering [mailto:mgering@ecosystems.net]

---Mark Salamon <mark@sixdegrees.com> wrote:

...

Thanks for the reply. I have now received about 10 such replies. We will take them to heart, remove the cypherpunks and attempt to deal with the mailing list issue in an intelligent way.

Most lists and services have dealt with the problem of someone accidentally subscribing or maliciously subscribing someone else in one of two ways: A) send and acknowledgement message with a randomly generated authorization code that requires the user to respond. B) send out a password and require the user to login before account is activated. This works only if you assume the malicious individual will not receive mail sent to that address. This therefore falls down when the address is a mailing list or other distribution point that the malicious individual has access to directly or via archives.