[Mailman-developers] what to do with confirmation of web based subscriptions

[Scott]

proposal concerning web based subscriptions:

*allways* use confirmation, even if the list doesn't require them via
email. 

If you don't, it's a security hole for any mailing list that doesn't
implement it, and for out of service-attacks against the system
mailman on which mailman is running.  Even if a list is not advertised,
it is still vulnerable to this, as an "attacker" could well find out
the name of list by other means.

it seems that as mailman becomes more widely used, more and more lists
will have a problem with this.

comments?

Scott Cotton
IC Group Inc