See if there are any misconfigured MX hosts involved. These can produce unpredictable results depending IF they get used in the delivery of email. The way I read your email, s/he is doing forwarding from the old RFC822 address to a new one, further obfuscating delivery. I suggest that the number of user initiated forward directives be eliminated and that the KISS approach be used. Maybe a CHANGE would help? /Pete At 14:14 8/25/2006 Friday, Randy Klumph wrote: >I have a subscriber who belongs to two lists on our server <tr.wou.edu>, a sub site of <wou.edu> > >Recently, I have been receiving the following error from both lists > >11 08/10 08/21 [log in to unmask] >Last error: 5.1.1 550 5.1.1 unknown or illegal user: user@s21699 > >The address in the subscriber lists for this person is <[log in to unmask]> > >If this weren't happening daily, I would assume it was just a spammer's spoofed address. Both lists are private.