moderated Re: Changing email address security issue #misc



I agree with J - I just don't think the risk outweighs the benefit to
the users. Maybe I'm missing some key point about the value of this
As others have discussed, I think the primary use case for the feature is assistance to group members who are having trouble maintaining their subscription.

That's why I suggested limiting it to members who have no other subscriptions - they are the most likely to be brought to by that group, quite likely email only, and possibly naive about how it all works. There will be exceptions, but my theory is that most people with more than one subscription will be a step or two up in terms of using's account features.

I think also that trying to improve the security of the feature by sending a notice or confirmation request to the /old/ address is particularly likely to fail - the member in need may not have access to that Inbox any more, or it may be at one of those services most apt to reject or quarantine messages from


Join to automatically receive all group messages.