Thank you all for your insights in the Challenge/Response question. I am convinced this is not the way to go. In fact, I used some of the same arguments to the client when he brought it up.
The problem remains, however: How do I prevent spoofing? In this case they have a real fear due to a board member who is soon to be ejected from the board and have organizational membership taken away. They feel he is capable (both emotionally and technically) of major disturbances on one or more of about a dozen mailing lists the organization maintains. What makes this even more of a challenge¹ is that the account is on a shared server. ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp