Have I made this clear? YOU CANNOT REQUIRE OR EVEN SUGGEST THAT AN MLM
DO ANYTHING WITH SUBADDRESSING UNLESS IT IS EITHER A 'MUST' STANDARD OR
YOU HAVE A WAY OF TELLING ON THE FLY IF THE REMOTE SITE SUPPORTS IT.
I strongly disagree.
It's not reasonable to use *any* return-path or header that's visible,
as a password to access sensitive information.
(One could even imagine that the security considerations section of an
RFC saying you MUST NOT use a Return-Path or From header as an
authentication mechanism.)
But if the list is potentially available to anyone just for signing
up, comparing the return-path isn't really an authentication mechanism
-- it's just a crude heuristic to filter out bogons.
There's nothing wrong with refining that heuristic to allow posting
from xxx(_at_)yyy(_dot_)zzz if the subscriber address is
xxx+foo(_at_)yyy(_dot_)zzz(_dot_)
Keith