
en - Sympa and Security

Subject: The mailing list for listmasters using Sympa

  • From: address@concealed (Mitchell)
  • To: address@concealed
  • Subject: Sympa and Security
  • Date: Mon, 7 Jan 2002 06:04:14 +1100

Hi list,

I would just like to look at Sympa's security for a minute.

Over the years I have used several other mailing list managers including
Listar, Mailman, Majordomo, and ezmlm-idx and have found them all to be
relatively good, but none of them until Sympa allowed me to use PostgreSQL
as a back end, which is why I am currently using the Sympa list manager.

My main concern is with the subscribe and unsubscribe functions of Sympa.
When a user sends a request off to a list, i.e. email address@concealed with
a message of "SUB sympa-users", they are given an email asking them to click
a link to confirm their subscription. This sends another email to
address@concealed with a subject of "subscribe sympa-users". OK, so you
already knew this.

My point is that anyone could send a message to address@concealed and then a
minute later send off the confirmation email to subscribe that address to the
list. Most other list managers send a unique key or password to the user,
which the user then has to email back to the list server to complete the
subscribe confirmation. In other words, unless you actually get the
confirmation email that the list server sends out, you can't subscribe to the
list.

This strikes me as generally being far more secure than the way Sympa handles
subscribe confirmations at the moment. To cut a very long-winded story short,
is it at all possible to get Sympa to do something like this to make the
subscribe confirmation process a bit more secure???

Thanks for any help you can give.

Later!

From Mitchell
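
The unique-key confirmation described in the message above, shown as an added example that is not part of the original post and is not Sympa's code. The names `SERVER_KEY`, `TOKEN_TTL`, `issue_token` and `confirm`, the 48-hour window, and the addresses used with it are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

# Assumption: a per-server secret; a real list server would load it from
# protected configuration so tokens survive a restart.
SERVER_KEY = secrets.token_bytes(32)
TOKEN_TTL = 48 * 3600  # assumed validity window, in seconds


def _mac(address, list_name, action, expires):
    # Length-prefix every field so that different (address, list) pairs can
    # never serialize to the same byte string.
    fields = (address.lower(), list_name, action, str(expires))
    msg = b"".join(
        len(f.encode()).to_bytes(4, "big") + f.encode() for f in fields
    )
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_token(address, list_name, action="subscribe", now=None):
    """Build the key that is mailed to `address`.

    Only someone who can read that mailbox ever sees this value.
    """
    issued = int(time.time() if now is None else now)
    expires = issued + TOKEN_TTL
    return f"{expires}.{_mac(address, list_name, action, expires)}"


def confirm(address, list_name, token, action="subscribe", now=None):
    """Accept a confirmation only if it carries the key issued for this
    exact address, list and action, and the key has not expired."""
    try:
        expires_s, mac = token.split(".", 1)
        expires = int(expires_s)
    except ValueError:
        return False  # no key at all, e.g. a bare "subscribe sympa-users"
    current = time.time() if now is None else now
    if current > expires:
        return False
    expected = _mac(address, list_name, action, expires)
    # Constant-time comparison; bytes avoid a TypeError on non-ASCII input.
    return hmac.compare_digest(mac.encode(), expected.encode())
```

Because the key is derived from the address, list and action, the server needs no per-request state, and a confirmation sent without reading the challenge mail is rejected.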



