Public bug reported: This can be prevented by refusing to pend a subscription when one is already pending, but that means if a subscriber loses or doesn't receive the confirmation request email, she has to wait PENDING_REQUEST_LIFE (default 3 days) before she can request another. It can also be avoided by setting the list's subscribe_policy to Moderate, but that may not be desirable in many cases. Because of these considerations, I will implement the refusal to pend a subscription when one is already pending, but make that depend on a new REFUSE_SECOND_PENDING mm_cfg.py setting. ** Affects: mailman Importance: Medium Status: In Progress -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1859104 Title: It is possible to mailbomb a third party by repeatedly posting the subscribe form. To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1859104/+subscriptions