This is one that i've come across from time to time and often pondered myself - Obviously virus traffic can fluctuate up and down and become an annoyingly high percentage of an ISPs total mail load. Thus AV filtering which drops these messages is beneficial and can be provided as a benefit to customers, etc... So what happens to role accounts like, heaven forbid, abuse@ ? And for that matter, if the messages are dropped, is there any logged trace of the fact the message was sent in the first place? The reason I ask is that i've seen at least one ISP to whom i've reported viral infections to recently actually reject the report, because of the 'illegal file attatchment' (where the criteria used was the file extension... not even viral code within the attatchment)... So I had to manually copy/paste headers only to get my point across. The argument can be made that headers are all thats required, and that the actual payload isnt needed - but what if theres occaision where you want said payload? (To provide actual evidence of the infection, to identify what variant of the virus is infected, to help build filters ...?) Do ISPs out there regularly exclude their security team or at least build in means for one-off exceptions on an as-required basis? Do ISPs that drop viral (or suspected viral) traffic do anything to report said infection, or do they just drop the virus and pretend it never happened? (Doesn't actually fix the problem, does it...) Appreciate your thoughts. Mark.