> From what I understand now there is no password associatedwith a subscription to a list, nor is there any passwordassociated with the owner/admin role of a list.Can you tell me what you have read that makes it seem like very very insecure? Also, what are you talking about "password associatedwith ..."?> Am I wrongin believing that now someone simply has to send emailswith a forged From: field to hijack control of the list/subscription?Well, what made you believe that? Is there a simple way that folks can easily hijack a list over email?As far as I know, it was audited by a company that worries about such things, http://mlmmj.org/docs/readme-security/ , and does not have a problem... can you please show me how/where/when you are able to hijack a list? mlmmj-test@common-lisp.net is a great place to start, and please feel free to hijack it.Let me know if I have answered all the questions, and let me know the security holes you have discovered.-- drewcIndeed you have answered all the questions I asked and this does clarify the current situation.You did write comments on each of his questions, but could you explain how you think mlmmj addresses the security risks put forward regarding establishing sender identity related to e-mail? I'm not finding an answer to that in your comments. (The fact that the software doesn't contain any security glitches doesn't mean its authentication model is flawless, so the pointer to the security readme isn't the answer I'm looking for.)