Since someone raised the question about assigned IPs in the 35.12.xx.yy range, let me try to clear the air.... If you check the host tables: http://www.dns.cl.msu.edu/hostfile/hosts.msu and scan through the 35.12. range, you can see many, many specific address ranges that are related to dialup hosts (for example, 35.12.8.1 is remote dialup at ACD.net, 35.12.9.52 thru 99 are michnet dialup connections, etc). I know that there are also specific ranges that are assigned to people connecting via dialup. I'm not proposing any blocking of static IPs that are known to be assigned to specific departments or devices with unique DNS names. I'm refering to specific ranges within 35.12.xx.yy which can be identified as external dialup connections, not the entire range. At least one Exchange server admin I spoke with this morning is seeing the majority of messages with the infected, password protected ZIP files coming from various addresses in this range. Again, I don't know if this is feasable, or what can or can't be done. I'm just trying to think about the problem, and what might be done to limit traffic problems. I'm no expert... that's why I'm posting here to ask for ideas. (Hint hint: Doug, Rich, Joe, Mike? Any ideas?) John A. Resotko Head of Systems Administration MSU - Detroit College of Law 208 Law College Building East Lansing, MI 48824-1300 email: [log in to unmask] Phone: 517-432-6836 Fax: 517-432-6861