We are getting bounces from [log in to unmask] probably due to incompetence of his ISP at cbn.net.id Just so people understand how I know this... ...and to try to learn how to better handle this problem which has really disrupted our list in the past... The email headers for one of the bounces contains the section reproduced below. There are two important things to notice. First, the email passes through MITVMA.MIT.EDU twice. In my experience, this is a dead giveaway that the email is a bounce. The bounce detector and eliminator used by http://www.piclist.com/techref/postbot.asp looks for exactly that. I've suggested to lsoft that they also look for that, but they are a busy lot I guess or maybe there is some reason why that won't work for them. Second, the first time (read from the bottom up) that is passes MITVMA.MIT.EDU, it heads off to the ISP at memphis.cbn.net.id and they report delivering it to [log in to unmask] If it comes back to the list again with that first part of the header still attached, it was after this persons machine (or their ISPs machine) touched it so that is the root of the problem. Now, what is "interesting" is that [log in to unmask] isn't (hasn't been) subscribed to the list! Neat huh? But the list server has a totally cool feature that allows one to scan for any part of an email address or name. So scanning for indesso comes up with [log in to unmask] who IS (was) subscribed. What I would like to have is a script that parses the headers of any message that is detected by the postbot as being a bounce and tries to figure out who the subscriber is that caused the bounce. So they can be automatically deleted rather than waiting until a human is available to do the detective work and drop them. This one was fairly easy due to the memphis.cbn.net.id machine adding the (not required) comment about who it delivered it to. There is apparently an immense amount of variability in the layout of email headers. If anyone out there with lots of email ISP experience (I have VERY LITTLE) knows more about this sort of thing, please comment. Received: from MITVMA.MIT.EDU by MITVMA.MIT.EDU (LISTSERV-TCP/IP release 1.8d) with spool id 8739 for [log in to unmask]; Tue, 27 Mar 2001 04:48:43 -0500 Received: from MITVMA (NJE origin SMTP@MITVMA) by MITVMA.MIT.EDU (LMail V1.2c/1.8c) with BSMTP id 1059; Tue, 27 Mar 2001 04:48:03 -0500 Received: from smtp3.cbn.net.id [202.158.2.53] by mitvma.mit.edu (IBM VM SMTP Level 320) via TCP with SMTP ; Tue, 27 Mar 2001 04:47:58 EST X-Comment: mitvma.mit.edu: Mail was sent by smtp3.cbn.net.id Received: from indesso.co.id (unknown [202.158.57.39]) by smtp3.cbn.net.id (Postfix) with ESMTP id 3D78D5371C for <[log in to unmask]>; Tue, 27 Mar 2001 16:48:47 +0700 (JAVT) Received: from jktm [200.80.80.201] by indesso.co.id [200.80.80.201] with SMTP (MDaemon.v3.0.4.R) for <[log in to unmask]>; Tue, 27 Mar 2001 16:45:10 +0700 Received: FROM indesso.com BY jktm ; Tue Mar 27 16:45:08 2001 +0700 Received: from Pending... [200.80.80.202] by indesso.com [] with DomainPOP (MDaemon.v3.0.4.R) for <[log in to unmask]>; Tue, 27 Mar 2001 16:43:01 +0700 Delivered-To: [log in to unmask] Received: (qmail 11772 invoked from network); 27 Mar 2001 15:16:09 +0700 Received: from unknown (HELO cherry.ease.lsoft.com) (209.119.0.109) by memphis.cbn.net.id with SMTP; 27 Mar 2001 15:16:09 +0700 Received: from PEAR.EASE.LSOFT.COM (209.119.0.19) by cherry.ease.lsoft.com (LSMTP for Digital Unix v1.1b) with SMTP id <[log in to unmask]>; Tue, 27 Mar 2001 3:14:45 -0500 Received: from MITVMA.MIT.EDU by MITVMA.MIT.EDU (LISTSERV-TCP/IP release 1.8d) with spool id 5099 for [log in to unmask]; Tue, 27 Mar 2001 03:12:51 -0500 Received: from MITVMA (NJE origin SMTP@MITVMA) by MITVMA.MIT.EDU (LMail V1.2c/1.8c) with BSMTP id 5271; Tue, 27 Mar 2001 03:12:45 -0500 --- James Newton (PICList Admin #3) mailto:[log in to unmask] 1-619-652-0593 PIC/PICList FAQ: http://www.piclist.com or .org