I have a user that was sending out SPAM, one being the Nigerian Scam. It was sending emails (as I saw these in her send items folder) with the sender address of her account name. There was a large recipient list of all different domains with the same user name. It appeared some one these were legitimate email addressesas some replied back. Then a flood of NDR's came in. All this added to a backup of email delivery along with being blocked by some outside mail servers. I'm looking to find out how this could of happend. Our environment is very secure. No viruses detected. User has only 4 email addresses in her address book. Could the user really have created this issue by clicking on an url within one of the email received?