Some idiot is broadcasting a phishing spam from a script in their account, or something like that. The sender reference is "nobody" so I am assuming this is the case. Headers all look like this: 1EjKpC-0002Ng-GJ-H nobody 99 99 <nobody@#####.#####.com> 1133806350 0 -ident nobody -received_protocol local -body_linecount 42 -auth_id nobody -auth_sender firstname.lastname@example.org -allow_unqualified_recipient -allow_unqualified_sender -local XX I have hashed out my server name and domain in the above. I know you can recompile Apache with PHP suEXEC Support for a more explicit header if a php script is doing this, but for reasons various we would prefer not to do this. I have been searching for a resolution in this regard for years at this point, and I am agast that it is sooooo friggen hard to do what should be much more simple IMHO. Thanks very much in advance for any help here.