> Indeed, it seems most of the spam isn't commercial: >Most of the spam seems to come from viruses, and isn't really selling >anything. The viruses can use the credentials of the infected user. >That is "legitimate", until someone reading the email realizes its not and >complains. These send 40-50 messages per IP, and is hard to detect as >bulk. This is pseudo-off topic because I already stated below that a viral signal can be detected differently than a spam signal, unless it contains no viral data (which would be pointless afaik). I am curious about your data. Are you refering to emails spreading a virus that contain viral attachments?? It occurs to me that a virus can not spread very fast or effectively if each infected computer only sends 50 emails, because the infection rate is probably similar to spam, i.e. < 0.005%. So you would only get 1 new infection for each 20,000 emails sent, or thus for each 400 infected computers. It seems the virus would likely die (anti-virus actions) at that rate of spread. So I must assume you were looking at a very small sample on internet email and you did not extrapolate??? Your answers might be somewhat helpful to me in my work. Thanks, Shelby Moore http://AntiViotic.com