Thanks for the information.
My knowledge of HTMl is rusty, but instead of a link/url in a HTML-based notification email, couldn't you include a form with a POST action?
I recognized that the Joomlapolis CB team may consider it inadvisable from a security perspective to use such a plugin, but I don't understand any reason why it couldn't be done. Heck, after all, a person could modify the PHP code in CB that sends the admin notification email to hardcode in a URL to a separate PHP page that just access the CB MYSQL tables directly to approve or block a user - a php page with url parameters of ?user=<username>&action=[approve|reject]&secretkey=<secretkey>
So is it that it can't be done OR that it shouldn't be done?