I was recently trying out PHPlist for my website BonusEmails.com, but I couldn't get it to work. I ended up getting a copy of PHPMailer (it's what PHPList was built with) and just coding my own custom system on top of it.

If you are prepared to customize and integrate PHPlist yourself, building your own on top of PHPMailer will probably be just as easy and take the same amount of time. And at that point, you will have complete control (My opt-in and opt-out pages are dynamic, I build my emails in a database, and can have them fed on a timed schedule, when users request the next one, or when I manually send one out, and I have stat tracking built into the whole system).

It's taken me a couple days to do it all, but I know that it's faster, simpler, and can be fixed 6 months down the line with just a glance at the code rather than a complete relearning of someone else's framework.

As far as I know it shouldn't be a problem, though you would probably have to make sure the original domain allows POST and GET requests from outside sources (which is a security risk, but you can add a secret hash code on both sides to minimize issues, ie. $hash = 'th1sis4rea11y1ongh4sh'; if($hash != $therealhash) {die;})

Now I am learning PHPlist.

With all such programs you must ask about how well security methods are applied to the application being downloaded or used. How well do they keep up with known trends in security. PHPList appears to be a one man show, based on the SourceForge project used for it, so secure may not be on the top of the list. I use Drupal for my CMS and it is a funded open source project that has the means to deal with security on a full time basis so as long as you keep up with the recommended versions then you should be as secure as can be. Add in contrib modules get scrutinized by the Drupal security teams as well.

Thanks guy for all replies.