We have recently set up Exchange 2000. We wanted to make sure we did not have any open relays and followed the instructions given in Mark Fugatt's article: "Understanding Relaying and Spam with Exhange 2000." Testing with the telnet session is successful, however, if a spammer really wants to use our server, all they need to do is setup an Outlook Express client with a bogus email address, tell OE to authenticate to our smtp server and provide a bogus username and password and the email will be relayed. I do not know what we missed, but we must have missed something. If anyone has any ideas, we would greatly appreciated them. Thanks, Scot