A suppression list is a list of suppressed e-mail addresses used by e-mail senders to comply with the CAN-SPAM Act of 2003 (United States of America).
The original sender of the email messages who provided the opt-out mechanism may be liable for suppression list abuse.
The best practice in distributing these lists is to avoid sending the email addresses themselves as plaintext, but instead send a list with one "hash" per line, each hash generated from an email address using a one-way cryptographic hash function.
Internal mailing lists can be scrubbed by using the same hash function to generate one "hash" for each email address on internal mailing lists, and if the internally generated hash matches any of the hashes on the suppression list, then the corresponding email address on the internal mailing list *should* be removed.
Because the hash is one-way, it's not possible for a person to recover the original email address if that person only has the code, making it impossible for that email address to accidentally or deliberately be *added* (rather than removed) from internal mailing lists.