On another note, the logical approach IMO is to build this functionality into Mailman, rather than having to attach TMDA to your Mailman installation. TMDA includes much more than is relevant for protecting a mailing list.
Mailman already includes most of the tools to make this work. TMDA's challenge system is no more complex than how Mailman verifies a new subscriber. Once you turned this feature on, Mailman would store unconfirmed incoming messages under qfiles/ somewhere, prompt for confirmation, and release the message to the list once the confirmation is returned.
I envision Mailman's web configuration interface making this very easy. A checkbox to toggle whether existing subscribers are allowed through, a textbox to enter explicitly blacklisted addresses, etc.
Gravy like the "auto-whitelist" feature could be stolen from TMDA (also a pure-Python, GPL'd app) if necessary.
I'd expect this to be no more than a few days work for someone intimately familiar with Mailman's source.
I don't know of any MLM with this functionality built-in, and it will virtually eliminate all spam. How's that for motivation? <wink>
-- (http://tmda.net/)