Zitat von "Richard G. Ball" <Richard_Ball@merck.com>:
You could simply pre-process these messages to remove any email address since it isn't being used anyway.
Why isn't it used anymore? It has been always very useful to (un)subscribe from an address which isn't the address from where you are sending the request. I didn't saw any notice that this feature has been removed and I don't know why it should be necessary to remove it. Can you shed some light on this?
No released version of SmartList I have ever used has actually accepted this form of (un)subscribe. For simple security the subscribe command would accept only the address from which the mail was sent (so a malicious user couldn't subscribe someone else nor could they unsubscribe someone else).
Security never had top priority with SmartList (which is used to manage rather unsecure messages). It was always possible to unsubscribe another address not mentioned in the "From(:)" header. Even the unsubscribe script from SmartList gives the advice to sent a new unsub request with the string "unsubscribe the_address_you_meant" if no email address in the request matches the addresses in the dist file. Werner