> Recently my server received a subscription request from a user at > CUNYVM. For reasons unrelated to this query, the subscription request > bounced. What I'm trying to understand is: how did a real mail origin > of CUNYVM become "CUNYVM.HARVARD.EDU"???? Unfortunately, it's easy and quite common. You don't have enough evidence in this case, though, to point the finger of blame. The basic scenario is this: the mail originator was presumably sending mail from one BITNET node to another (CUNYVM to HARVARDA), and the addresses, therefore, should not have required any further qualification than xxxx@CUNYVM and [log in to unmask] In practice, there is a mail "domain" called ".BITNET" even though it is not officially recognized anywhere. Still, since both sender and receiver were in the same "domain", the ".BITNET" suffix would have been either "illegal" (by the official view) or unnecessary (by the de facto view). Unfortunately, the mail got mixed into a processing path somewhere along the way including non-BITNET-only mail. The exact point where this occurred is not apparent from the evidence. In this case, it may actually have occurred at the point of origin (the sender may, for example, have sent the mail to [log in to unmask]). Alternatively, it might have occurred somewhere at Harvard. In any case, when the mail passed through some MTA at Harvard, the unqualified name CUNYVM was interpreted in terms of Internet standards, i.e., the local domain was assumed to be "HARVARD.EDU" rather than "BITNET". John