Why can't LSOFT just look for the fact that the message has passed through the list server twice? In my experience, this is a dead giveaway that the email is a bounce. The bounce detector and eliminator used by the archive script at http://www.piclist.com/techref/postbot.asp looks for exactly that. And it doesn't miss a bounce. I've suggested to lsoft that they also look for that, but they are a busy lot I guess or maybe there is some reason why that won't work for them. The other problem is how to quickly (and hopefully automatically) decide which subscriber is causing the bounces. In the example header I've included below from a bounce on the piclist, the first time (read from the bottom up) that it passes MITVMA.MIT.EDU, it heads off to the ISP at memphis.cbn.net.id and they report delivering it to [log in to unmask] If it comes back to the list again with that first part of the header still attached, it was after this persons machine (or their ISPs machine) touched it so that is the root of the problem. Now, what is "interesting" is that [log in to unmask] isn't (hasn't been) subscribed to the list! Neat huh? But the list server has a totally cool feature that allows one to scan for any part of an email address or name. So scanning for indesso comes up with [log in to unmask] who IS (was) subscribed. What I would like to have is a script that parses the headers of any message that is detected by the postbot as being a bounce and tries to figure out who the subscriber is that caused the bounce. So they can be automatically deleted rather than waiting until a human is available to do the detective work and drop them. This one was fairly easy due to the memphis.cbn.net.id machine adding the (not required) comment about who it delivered it to. There is apparently an immense amount of variability in the layout of email headers. This variability would be eliminated if LSOFT list servers would add a consistant note as to the email address of the member they are sending the message to. If anyone out there with lots of email ISP experience (I have VERY LITTLE) knows more about this sort of thing, please comment. --- James Newton (PICList Admin #3) mailto:[log in to unmask] 1-619-652-0593 PIC/PICList FAQ: http://www.piclist.com or .org Received: from MITVMA.MIT.EDU by MITVMA.MIT.EDU (LISTSERV-TCP/IP release 1.8d) with spool id 8739 for [log in to unmask]; Tue, 27 Mar 2001 04:48:43 -0500 Received: from MITVMA (NJE origin SMTP@MITVMA) by MITVMA.MIT.EDU (LMail V1.2c/1.8c) with BSMTP id 1059; Tue, 27 Mar 2001 04:48:03 -0500 Received: from smtp3.cbn.net.id [202.158.2.53] by mitvma.mit.edu (IBM VM SMTP Level 320) via TCP with SMTP ; Tue, 27 Mar 2001 04:47:58 EST X-Comment: mitvma.mit.edu: Mail was sent by smtp3.cbn.net.id Received: from indesso.co.id (unknown [202.158.57.39]) by smtp3.cbn.net.id (Postfix) with ESMTP id 3D78D5371C for <[log in to unmask]>; Tue, 27 Mar 2001 16:48:47 +0700 (JAVT) Received: from jktm [200.80.80.201] by indesso.co.id [200.80.80.201] with SMTP (MDaemon.v3.0.4.R) for <[log in to unmask]>; Tue, 27 Mar 2001 16:45:10 +0700 Received: FROM indesso.com BY jktm ; Tue Mar 27 16:45:08 2001 +0700 Received: from Pending... [200.80.80.202] by indesso.com [] with DomainPOP (MDaemon.v3.0.4.R) for <[log in to unmask]>; Tue, 27 Mar 2001 16:43:01 +0700 Delivered-To: [log in to unmask] Received: (qmail 11772 invoked from network); 27 Mar 2001 15:16:09 +0700 Received: from unknown (HELO cherry.ease.lsoft.com) (209.119.0.109) by memphis.cbn.net.id with SMTP; 27 Mar 2001 15:16:09 +0700 Received: from PEAR.EASE.LSOFT.COM (209.119.0.19) by cherry.ease.lsoft.com (LSMTP for Digital Unix v1.1b) with SMTP id <[log in to unmask]>; Tue, 27 Mar 2001 3:14:45 -0500 Received: from MITVMA.MIT.EDU by MITVMA.MIT.EDU (LISTSERV-TCP/IP release 1.8d) with spool id 5099 for [log in to unmask]; Tue, 27 Mar 2001 03:12:51 -0500 Received: from MITVMA (NJE origin SMTP@MITVMA) by MITVMA.MIT.EDU (LMail V1.2c/1.8c) with BSMTP id 5271; Tue, 27 Mar 2001 03:12:45 -0500