I guess its rather about writing into that room in first place.
since being able to post into that room, and nothing happenes is bad usage experience.
once a room is created, you can already limit the number of users being able to write into it.
I guess you don't want to authenticate?
Right, the email addresses allowed to post to the mailing list wouldn't have
accounts anyway, and adding authentication to that process would probalby
be impossible.
how would you gain such rights? by a logged in room aide?
By writing code to handle this situation.
its about, how would (should) it work for the user, not how would it be implemented.
when its clear how the first should work out, we can talk about the second.