>That sounds exactly like what Majordomo2 does already. You still have to
>go through confirmation when you register, even when you assign a password.
>That password is meaningless until something secret sent to the email
>address comes back. Everything in Mj2 works on this principle (unless, of
>course, it's configured to do otherwise).
There may be a subtle variation. In our system the *account* is enabled
before the email address is validated. This is, however, because people can
in theory do things without using their email address - e.g. to change
their personal details used on their "personal web page" or to come back
and provide an alternative email address because the first one was a typo
:) As it happens we never got around to offering any of these services but
I think the distinction is valid.