From the "request" record, it appears that the accept list is only read when
I am having trouble with a SmartList being used to send SPAM to list recipients. I have the rc.custom file set up to reject foreign submissions. A single, authorized address in the accept file (ex: webmaster@mylist.com). My entire 60,000 member list just received a mailing from someone who apparently set up the authorized address, webmaster@mylist.com, on their own machine, then used it to send an email with attached virus. Would it be possible to avoid this problem in the future by sending a message to the list, then immediately removing the authorized "send" address from the accept file? the message is sent (not at each iteration of the call to flist.) Is this correct? If so, it seems that I could prevent spoofing by de-authorizing all senders immediately after sending a legitimate message. Thanks for your help, or any other advice you may have. Kim R