i've been saying that for some time, probably posted on your board. if a computer has norton internet security installed browser doesn't pass full headers to the server, mainly it hashes the server refer string. i'm sure many other firewall will folow this trend. instead of relying completly on your access logs you should assign your trades a unique id and track your traffic by that id.
when you tell your trades to send traffic to
http://www.yourdomain.com/
tell them to send to something like
http://www.yourdomain.com/?id=trade_id
add few lines of code to store clicks coming from that id.
i have most of my traffic coming from SEs and about 25% have no refs, i know this because i don't do trades on that domain, typing highly unexpected too, and i also run norton internet security, so i've played with logs turnin NIS on and off.
to summirize above, if your surfer runs notron internet secirity firewall you cannot track where he came from by looking at your server access logs
