On 2/9/03 22:49, Dean Anderson wrote: >> [...] but once I've got an IP number I have no >> easy way to turn that into an email address for the user. > > Once you have an IP number, you can look up the responsible party in one > of the registries (whois.arin.net, whois.ripe.net, whois.apnic.net, > etc--there are sub registries for Latin America and such, but they aren't > too hard to find.) Then you send an email with your logs or headers to the > abuse contact and/or the administrative contact. They will know how to > deal with the problem. Yes, I know how to do this, but the point is that it's not *easy*. And even if I can be bothered doing all this, it will end up in a queue for the postmaster at the ISP who may or may not end up actually trawling the logs to figure out which user it was and notify them. More likely than not, the user will never realise they are harbouring the virus. Jonathan