Hi Something crazy has happened here. I have setup that users from inside only are only allowed to use http and ftp. At client machines, when you install msn messenger, you can get out. Even without using as proxy configuration. How come such a things is possible without changes to msn itself and not even try to cheat on proxy? I thought that if I don't publish the rule, it will be automatically concerned as a black application. I have followed the article on web site about msn signature, but that is about when a user tries to cheat and use http Help is appreciated