Good day, The signature in the subject is hitting mail sent from legitimate, authenticated users. It is just too general, the signature doesn't (perhaps it can't) distinguish between legitimate use or not. As I said, authenticated users are being blocked, and I can see that by looking at the header that triggers the signature: > Received: from [192.168.1.101] (customer-189-254-221-51-sta.uninet-ide.com.mx > [189.254.221.51] (may be forged)) > (authenticated bits=0) > by mail.DOMAIN.com.mx (8.14.4/8.14.4) with ESMTP id oA5G8WdM010436 > for <USER@xxxxxxxxxxxxx>; Fri, 5 Nov 2010 10:08:40 -0600 (CST) (I changed my domain to DOMAIN, and username, to prevent spam harvesters grabbing a real mail address) I can provide more info if required. -- René Berber