[Mailman-Users] feature request (email confirmation)

[Will Yardley]

It seems like it would be nice to setup a method of confirmation for
*approving* messages that uses a unique token instead of the list
password; while (hopefully) in most cases, the moderator will be sending
approval messages over SSL or from the same machine the list is on, it
seems like a bad idea to make the confirmation token the list password
(especially in case you accidentally add the 'Approved:' header to the
wrong message, or in case someone spoofed a message appearing to be from
Mailman in order to try and scam list passwords)....

How about generating a unique one time password and having people add
this to the Approved: header? This would make it much harder for someone
to accidentally disclose the list (or worse, site) password.

-- 
"Since when is skepticism un-American?
Dissent's not treason but they talk like it's the same..."
(Sleater-Kinney - "Combat Rock")