Hello everyone, My organization has a mailbox called 'HostMaster' and last night someone sent a message titled 'test, please ignore' to the Hostmaster mailbox. What is weird, is that the message says that it is from itself (HostMaster@xxxxxxxxxxxxxxxxxxx <mailto:HostMaster@xxxxxxxxxxxxxxxxxxx> ). Only one person has permissions to this mailbox and he did not send it. The To: field and CC: field in the message are blank. This indicates that the message was sent using a BCC: field. Is there anyway that I can see what was put in the BCC: field? Better yet, I have provided the header information from the e-mail: Received: from mbserv002.globalknowledge.com ([172.16.56.25]) by mbserv002.globalknowledge.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id 1XBJ8D65; Mon, 3 Mar 2003 18:40:28 -0500 Received: FROM h002078cc3b91.ne.client2.attbi.com BY mbserv002.globalknowledge.com ; Mon Mar 03 18:40:11 2003 -0500 subject: Test, Ignore.. MBSERV002 'reflects' our internal bridgehead here. Is there any information here that would help me to determine who sent this message. If it were sent from within our company, SMTP would not be involved. Only the X400 connectors would have been used.... is the 'h002078cc3b91.ne.client2.attbi.com' the culprit here? If so what is my next step in finding out who this is or at least reporting them to some type of authority? Thanks for any info. I am new at this. Thanks, Chris Wall