I am (unfortuantely) prone to running off at keyboard prior to reading /considering ALL related postings, but .... after several hours of deleting garbage and trapsing thru RSCS, LISTSERV and mailer logs, It occurs to me to ask " are we making it too easy / giving these turkeys too much credit" ? The last few 'batches' of bogus stuff appear to be propagated via LISTSERV i.e. it does NOT appear that the <insert your description of idiot here> is getting list of lists, sorting, generating commands and sending then to specific sites - it almost seems ( from quantity/timing ) that the <?> is simply sending commands: sub * john doe and review * to any listserv site and that site is doing the work for the person. ( for the Steve@pearson / 100013.1274 compuserve blitz, I see three items arriving here from listserv@INDYCMS - each of those three items resulted in 20-25 error messages ) If this turns out to be the case, can anyone think of a legit reason to allow wild cards in the SUB or REVIEW commands ? ( I thought I saw LISTSERV reject an item here the other for "too many commands" - does anyone know if that is strictly 'lines in mail to listserv' or if expansion of wildcards is included ? ) (yawn) I'm sure I'm only dreaming that I typed this -- mike