On Tue, 23 Jan 1996 16:46:38 EST you said: >Hmm, why don't you just add *@WINTERNET.COM to your Filter= ? :) > >Nathan > This probably belongs only on SPAM-L but since it was on LSTOWN-L I wanted to add a word of caution: [log in to unmask] was a VICTIM of mail bombing as far as I can tell. But then I haven't heard from the LISTSERV sites which were distributing the commands (UICVM and GWUVM) so I am not sure what their logs show. The domain administrative contact got back to me right away asking if we had lot info (we didn't since it came in as a job). But I did explain how to do a netwide signoff so that may be the signoff folks saw. (Heck, I didn't even think root would be added because it is on the excluded list, but apparently that is bypassed when the command comes in as a job). Anyway, please use some restraint in filtering a whole domain without proof of where the attack really originated. I know Nathan isn't the type to shoot first and ask questions later but it is easy to fall into that trap. And then again, maybe he knows something I don't about the address... ;-) Adding [log in to unmask] would be less restrictive. Marty PS: Calling a list a listserv is like calling a twig a rose...