Mark Sapiro wrote:
On 08/04/2016 08:06 PM, Stephen J. Turnbull wrote:
Beu, Ed (DOA) writes:
We've discovered that if the Unsubscribe_Policy is set to Yes (1), the moderator can unsubscribe members without the members input! The member simply gets a notice that they've been unsubscribed.
But that means that *anybody* can unsubscribe a member, since only moderation is enabled by the moderation password, not other list management features such as subscription management. So there is apparently no authorization or authentication required to unsubscribe someone.
No. It means anyone can request unsubscription of anyone, but the unsubscription requires moderator approval. Presumably the moderator won't approve it if she didn't initiate it.
However, I realize there is a problem in that all unsubscribes, even those initiated by a user with a password, require moderator approval so if a moderator sees an unsubscription request that she didn't initiate, she has no way to know if this was intentionally initiated by the user or inadvertently or maliciously by someone else.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan