It could also be spam. I've seen spammers try to hammer our lists and also attempt to do address harvesting on our LISTSERV machine, which is thankfully behind a firewall.

Noel Siksai
Avaya Corporate Email and Directory
Email backbone, Mass mail, Mailing lists, POST Tier 2 Admin.
[log in to unmask]
248-746-5210 (v)
248-362-1618 (f)
248-321-5684 (cell)
[log in to unmask] (email to cell)

"Every society honors its live conformists and its dead troublemakers." -Mahatma Gandhi

-----Original Message-----
From: Pete Weiss [mailto:[log in to unmask]]
Sent: Friday, March 14, 2003 10:45 AM
To: [log in to unmask]
Subject: Re: Daily monitoring reports

At 10:14 03/14/2003 Friday, Valdis Kletnieks wrote:
>On Fri, 14 Mar 2003 09:07:51 CST, Jane K Gehan <[log in to unmask]> said:
>> Many of our lists - lists that are not open subscription, and are
>> confidential - have the following address on their monitor report.
>> This address is not on any of the subscription lists. And it doesn't
>> look like it ever was if I look at the modification date of the .list
>> file. Any idea on what might be happening here?
>
>I've seen it get confused when bounces arrive in bad formats or from
>the addresses that the recipient address is forwarded to....

End Reply

Could this not be a spoofed OWNER-listname@listhost as the RFC821 MAIL FROM field with a bounce with a spoofed RCPT TO that then showed up in DMR?

e.g., KLEZ