The best method for anti-spoofing is to have a three-way handshake, which the OK mechanism allows. Anything else is suspect, as you have already indicated via a mail client's RETURN ADDRESS, e.g., such as found in Eudora.

On one campus-announce only list, we seem to be able to deal w/ the following setup

    * default-options= NOPOST

and with authorized subscribers being altered by the list-owner via

    SET listname POST FOR authorized_userid@node

This does NOT provide three-way handshake, but it is effective for *us*. Non-authorized posters simply get a LISTSERV-generated (I believe from the template) nastygram.

If you're getting spoofed messages, then you need to deal with that out-of-band, along with strong institutional policies (if originating internally).

YMMV

/Pete Weiss -- Penn State