all, safest way is to disable windows scripting host ... that way VB scripts don't execute. http://www.google.co.uk/search?q=disable+windows+scripting+host&hl=en&meta= but i'm sure most will have done this since the VBS/LoveLetter doodad. later gary > > AFAIK this is addressed by unchecking 'allow executables in HTML content' > (that's how the option is called in Eudora - does Outlook have > this option?). > > Please correct me if I'm wrong ;) >