Do we have any RFCs (or even I-Ds) that describe the preferred '3-way
handshake' method for validating a request to subscribe to a mailing list -
i.e., to first send back - to the requester's source email address - a
"please confirm your subscription" response message (preferably containing
a random token), and then add the address to the mailing list *only if* the
user responds to this second message?
I am constantly fighting with clueless (or lazy, or opportunistic) mailing
list operators who insist on adding bogus email addresses - containing my
domain name - to their mailing lists, without first confirming their
validity. It would be nice if there were an IETF document that I could
point them at.
Ross.
