I have not followed this thread in detail so apologies if this has been answered.... Is it not enough to ask friendly Outlook users to send and receive plain text-only emails? Would this provide adequate protection from unwitting transfers - even VBscript? --rwb