Thanks for your response Andrew!
The overall setup of the announce list feature is sweat, including the e-mail verification features and I do understand that the final authorization needs to go through the DH server, however that would still be the case!
The authorization works by someone calling 'curl http://scripts.dreamhost.com/add_list.cgi?g=22d8433616a6a2e3c004e5038fd5430e.', that can be the user clicking on it in the e-mail or copying to a browser or forwarding it to a friend and the friend clicking on the link. It could also indeed be my server forwarding the call a user has made as 'curl http://my-server.com/add_list.cgi?g=22d8433616a6a2e3c004e5038fd5430e.', technically for the DH server all three are the same as the call is entirely context free.
My intention is no to bypass the DH server at all, rather, I would like to use the same mechanism I can already use for initiating the subscription process, where the user calls my URL and my 'server' sends the add_user API command to DH. The confirmation ID is still generated and sent out by DH, the only thing that has changes is that I could now theoretically record the confirmation numbers. Those however serve the single purpose of authorizing a specific e-mail address, by clicking on the link the user has already agreed to that process and given that the IDs are essentially one-time-pads there should be no security issue?