Anyone getting messages from the list can see the ‘Delivered-To: Moderator for ...’ header and realize that the list is moderated. In the authors opinion, this is fair and appropriate. If this bothers you, edit the source of ezmlm-store.c.
While the fact that the list is moderated will be disclosed by the headers, the moderator(s)' identity will not be disclosed by the header. Moderators are anonymous to anyone who cannot directly read the mail log, the moderator list, or monitor your outgoing and incoming mail. Anyone intercepting the acting moderators' mail or able to read the mail log can determine who took a particular action.
Moderator email addresses are not (to our knowledge) disclosed by any ezmlm mechanism. Thus, the poster does not know who rejected/accepted the message. Other moderators can find out that the message was accepted (by seeing it on the list or by themselves committing to a reject/accept reply) or rejected (by being informed by the poster or by themselves committing to a reject/accept reply). If no moderator takes any action for a given time (120 h - configurable to anything 24-240 h via DIR/modtime - and the parameters are likewise configurable at compile time via idx.h) the message times out, an act for which no particular moderator can be held accountable.
Subscription requests are acted upon only if a moderator completes the transaction by approving the requests. Requests can not be directly disapproved, but the associated cookie becomes invalid after approximately 11.6 days. Neither the subscriber nor the other moderators know which moderator accepted the subscription request. Requests to unsubscribe from the list are never moderated or otherwise controlled, except by requiring confirmation from the subscriber (normal unsubscribe) or the moderator that initiated the request (remote administration). If several moderators approve the same subscribe request, the user gets multiple notifications.
The triggering message (the moderation approval or the moderator's completion of the subscription request) are not returned or logged. This protects moderator anonymity, but makes it harder to track down the offender in case of abuse. Only a good mail log will help. IOHO, abuse of these mechanisms requires considerably more effort that it is worth to (un)subscribe someone to a list. Also, IOHO, moderator anonymity is more important. If this increased difficulty in tracking down abusive behavior bothers you, don't use the remote administration and moderated subscription features.