Well, I eventually had a friend open the attachment on his Linux machine and once he confirmed it was safe to open and found there was nothing in it other than the list of IP addresses, user names and time stamps but there were a whole bunch of addresses listed I opened the attachment in Notepad. All 43 IP addresses listed turned out to not be ones that are not and have not been in use the entire time I've had the IP block. So it's still mysterious why someone would have sent this as it appears to not be malware but it's entirely junk information, so no reason to explain why either the German Police or a scammer would have sent it. Maybe the German Police used to have a server at that address for some purpose and neglected to turn off the forward DNS when it was decommissioned and Deutsche Telekom AG didn't remove the old reverse DNS when they re-assigned the space to a new customer and that new customer stood up a mail server to sent these. Though for what purpose I'm unsure. It's as odd as the (automatically generated) abuse E-mail I recently got from a Spanish ISP (Comvive Servidores SL) claiming to have received a network attack from an address that is also not in use. (Which was one of the ones listed in this E-mail.) Thanks to everyone that did reply with their input. -- Glen A. Pearce gap@ve4.ca Network Manager, Webmaster, Bookkeeper, Fashion Model and Shipping Clerk. Very Eager 4 Tees http://www.ve4.ca ARIN Handle VET-17