What upsets me about newsletteer opt-out systems is that I do not always know what email address they sent the thing to - so when I try to opt out it says that my email address is not on the system. Good optin-optout systems don't do that - or at least remind me who I am subscribed as.

Also - if security is important, you should use "double opt in" so they opt in to the list but have to confirm the wish to opt in from a conformationary email. This stops people adding email addresses of people they hate.

OK so the "double opt-in" is what i had in mind - here I send an email to the registered address with a link to click which goes to a page that sets an "active" field in the database right? So what should the querystring in the link consist of - i don't want to use the signed up email address because again that can be used by other people - could i create a random number and store this in the active field to check against! Hmmm i think that sounds good.

As for opting out would a link on the bottom of any emails sent like the opt-in do. Maybe the "active" field could be used here as well comparing against an active code(?). I don't think a double opt-out is necessary because to opt-out from the site itself you'd have to be logged in - which means unless you've given away your password - means it should be you. 100% percent security isn't vitally important but i do want it to be nominally secure.

Any other ideas?

Cheers