Hello, The purpose of the abuse header extract in this thread is obvious but still interesting. I started thinking about all the interesting ways that cyber criminals, nation states, large corporates and other abuse purveyors and distributors are always constantly trying to find ways to break abuse reporting systems, RBLs DNSBL's Reputational and other services. Here is the interesting extract : Received: from mm-8-178-212-37.vitebsk.dynamic.pppoe.byfly.by ([37.212.178.8]:51058 helo=[178.121.247.67]) It is only interesting because it is so old that it is unusual to see such an old method in use in 2019. Maybe it is a "new" nation state trying to build or expand it's cyber weapon arsenal, maybe it is R&D on a wannabe corporate spammer or corporate spam enabler (esp) maybe it is just a young cyber criminal Either way, imho, this type of abuse is even worse than other types of abuse. As with everything, I guess it is also perspective. From a nation state perspective it is national security, from a cyber crime perspective it is r&d, from an abuse admin perspective it is extreme evil and from the average joe soap or john doe (or whatever the politically correct method of referring to the average person is) - the average person simply does not care :) Andre