Beu, Ed (DOA) writes: > We've discovered that if the Unsubscribe_Policy is set to Yes (1), > the moderator can unsubscribe members without the members input! > The member simply gets a notice that they've been unsubscribed.
But that means that *anybody* can unsubscribe a member, since only moderation is enabled by the moderation password, not other list management features such as subscription management. So there is apparently no authorization or authentication required to unsubscribe someone. That may be OK in your environment if nobody knows about it (it's too much to expect that in a large organization there's neither malice nor mischief about!), but you may need to change policy if you get a spate of unexpected unsubscriptions. You also should avoid "one click" unsubscription footers. -- Associate Professor Department of Policy and Planning Science http://turnbull/sk.tsukuba.ac.jp/ Faculty of Systems and Information Email: turnb...@sk.tsukuba.ac.jp University of Tsukuba Tel: 029-853-5175 Tennodai 1-1-1, Tsukuba 305-8573 JAPAN ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org