The task IS arduous and usually depends on the cooperation of various system administrators at the LISTSERV hosting site which might include the folks responsible for LISTSERV, SMTP, and MAILER (sometimes one person, other times three). Then, you back- track to the intermediate site(s) if possible, (the SMTP delivery log is useful, but be sure to use the IP address stamped by SMTP and not the hostname provided via HELO which the spoofer provided), hoping that you did not encounter a dialup terminal server that did not do authentication. Again, the cooperation of of non-LISTSERV sysadmins is required. There is no fool-proof method, and it seldom can be done JUST with the tools AND systems available to the single listowner. - -- co-owner INFOSYS, TQM-L, CPARK-L, ERAPPA-L, JANITORS, LDBASE-L, et -L [log in to unmask] "Are you E-mail Diverse?" +1 814 863 1843 31 Shields Bldg. -- Penn State -- University Park, PA 16802-1202 USA