If yes to my second question, then the tracking numbers either need to be made much longer and randomized or a one time pass phrase (session key) needs to be added to the acknowlegement form.
You can actually set a domain name so that it cannot be changed, by any template, by any modification, correct guardian or NOT.
Sounds like a nonreversible setting to me. What if you need to change it? Anyway, I think that by default, the update goes through automatically, a positive acknoledgement is ignored (default behaviour) and a negative acknowledgement is honored. (Which means AOL should have been able to stop it). Then there is the setting where the update will not go through by default, and a positive acknowledgement is required. As to whether it all works as advertized (and PGP auth too?), who knows? -Phil