We are at a loss. Users in our organization are getting 2 - 5 bounced messages each day from spam being sent out where they spoof the email address of our internal user's aliases. I have checked and verfied that our mail server is not an open relay and that these spams are not originating from our server or even from our network. My guess is that someone's home system is infected with a trojan and is spamming out. The thing is that we've asked everyone to check their home systems and no luck -- it has been over two months that this has been occuring. Also, the spoofed aliases are even obscure distribution lists sometimes -- could only be known if that infected client had access to the GAL. Any ideas or suggestions as to how to track this down? Much appreciated!