* Make sure repeated attempts to register the same e-mail address get throttled. Don't make the web server a way to e-mail bomb people. * Put in the e-mail a clear, short, easy to read over the phone link (http://www.yoursite.com/spam.html) that describes what action on the web site sends these e-mails, how to identify an e-mail as actually coming from the site, and where to report any sort of mailbombing (back to the first point). * Make sure your mail servers are squeeky clean. Forward and reverse match, valid MX's, they report their own name in SMTP headers, no "untrusted sender used -f", etc. Valid abuse@ for the machine name, and the parent domain are essential. Valid contacts for the domain and IP block are helpful. In general this sounds like a low-risk activity, as described. -- Leo Bicknell - bicknell@ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/ Read TMBG List - tmbg-list-request@tmbg.org, www.tmbg.org