Does any of the "Object Codebase=" checking in MailScanner block creation of ActiveX objects like this? http://downloads.securityfocus.com/vulnerabilities/exploits/19738.html Looks like <script> disarming would stop this sort of thing, but this would be better blocked along with the other ActiveX stuff I think. Ken A. Pacific.Net