you're right, if you can read the php page using wordpad then you can see the php code. "thus if a webpage file has php in it but it is not "rendered" I can see it... or am I dense?" but since SPAM harvester get the email from webpages, they use http:// !! they only get the source of the HTML rendered by the php ! And when you think twice about it, it's normal !! If people or spam harvesters could see the php code, we'd all be in big trouble ! (think of FTP/DB passwords, ways we badly code our forms, security holes, etc..) -----Original Message----- my 404 page (404page.php) has HTML/php in it and I can read it in wordpad/notepad the php is gone when it is viewed in MSIE or NS thus if a webpage file has php in it but it is not "rendered" I can see it... or am I dense?