The most egregious abusers that I see now are doing: MAIL FROM:<> in the SMTP transaction, and From: randomname@valid.domain Errors-To: anotherrandomname@different.valid.domain or Errors-To: samenameeachtime@different.valid.domain in the headers. They send this with the typical relay via hundreds or thousands of hosts around the world. \nick