Hi!We are getting 10 to 20 virus emails with the same return path a week on our small business server. It has been going on for at least 3 months and is obviously intentional. The return path (not From in header) is spoofed.Is it possible to determine the original sender? I would like to notify their ISP. Thanks BobP :)

Look for a free mail bouncer program called Mail Washer. It allows you to black list and bounce back SPAM. (to the real sender!)

I'm not a pessimist, but I'd be extremely careful here.It is possible to use a perfectly working e-mail address - that you don't even own! - in the From, Reply-To, Return-Path and similar fields, without showing any sign of the real e-mail address.The only thing that will be shown in the worst case is the IP address, and it can be very difficult to track which individual it is, thus bouncing an e-mail to that individual would most likely not work.Just a warning from my side.So my hint is the following:Check the message source, and look for these IP addresses (i.e. [111.222.333.444] or whatever) in the Received fields. Can be a bit tricky but if you have several IP addresses and you don't know which to use, try looking up both as described below.Type in the IP address here:http://www.bankes.com/nslookup.htmWhen you've got the name of the domain (something like avsim.com or flightsim.com ... whatever, bad examples in this context though), submit that here:http://www.betterwhois.com/If you have problems with the popups, try any of these:http://www.arin.net/http://www.ripe.net/perl/whoisActually, there are tools out there for this but I can't tell where to find them right now. Try a search on www.google.com if you want these.Dave

Thank you for the info!BobP:)

yAHOO has great filtering software, you should use that. I use yahoo to read all my POP eMail.

that betterwhois.com site is great! Thanks for the tip!Christopher------------------------------------Visit my aviation site:http://www.rhodesyell.com/fly/Read my first solo report (11/23/02)