Also issue commands: Q NETWORKER FOR userid@node for additional possible clues. Have them CC: you when they attempt to post to the list. Look at all RFC822 headers. See if they have a SENDER: address different from their FROM: This is sometimes problematic esp. on "controlled" lists. What does the LISTSERV log say about these attempted posts?