Now I've had to assist with the security for our team sites alongside a co-worker at Kaplan University, and I learned a thing or two from him. I am going to tell you how we handled security for SharePoint, and perhaps that might help you figure out a way to structure your security better for your company. We had a total of approx. 7,000 possible users.
For every team site request, what we would do is create a couple of AD groups: one named SPS.CM.TeamSiteName (CM for Content Managers; we never gave them administrator access), one called SPS.Contributor.TeamSiteName, and another called SPS.Reader.TeamSiteName. Obviously the CMs were added to the CM group, and so forth. Then when we created the team site, instead of having to individually add a bunch of users to the site (DOMAIN\username), we would add the AD group and grant that AD group certain permissions (DOMAIN\SPS.CM.TeamSiteName was granted Website Designer access, and so on). For maintenance this worked like a CHARM...
If you take that example and apply it at whatever scale you need (100 users, 2,000 users, etc.), you should have a much better time managing your team site/portal security. Again, this is just MY suggestion and how we did it, as an example. Others may have other methods.
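The three-group-per-site convention described in the post above, scripted as an added example (this is not the poster's own script). It assumes the RSAT ActiveDirectory module and the SharePoint Server PowerShell snap-in (SharePoint 2010 or later), a hypothetical OU path, domain name and site URL, and maps the roles named in the post to the built-in permission levels "Design", "Contribute" and "Read" (the post's "Website Designer" role is from an older SharePoint version; "Design" is taken here as its closest equivalent). The Content Manager group is deliberately given Design rather than Full Control, matching the point that CMs never received administrator access.

```powershell
# Added example, not the original poster's code. Assumes: RSAT ActiveDirectory
# module, SharePoint Server PowerShell snap-in (2010+), and hypothetical values
# for the OU, NetBIOS domain name and site URL. Run on a SharePoint server with
# an account allowed to create AD groups and manage site permissions.
param(
    [Parameter(Mandatory)][string]$TeamSiteName,                             # e.g. "Marketing"
    [string]$WebUrl  = "https://portal.example.com/sites/$TeamSiteName",     # hypothetical
    [string]$GroupOU = "OU=SharePointGroups,DC=example,DC=com",              # hypothetical
    [string]$Domain  = "EXAMPLE",                                            # hypothetical NetBIOS name
    [string[]]$ContentManagers = @(),
    [string[]]$Contributors    = @(),
    [string[]]$Readers         = @()
)

Import-Module ActiveDirectory
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction Stop

# One row per tier: the SPS.<Tier>.<Site> naming convention from the post, the
# SharePoint permission level it maps to (assumed equivalents), and initial members.
# CM gets Design, never Full Control, so content managers are not site administrators.
$tiers = @(
    @{ Suffix = 'CM';          Level = 'Design';     Members = $ContentManagers },
    @{ Suffix = 'Contributor'; Level = 'Contribute'; Members = $Contributors    },
    @{ Suffix = 'Reader';      Level = 'Read';       Members = $Readers         }
)

foreach ($t in $tiers) {
    $groupName = "SPS.$($t.Suffix).$TeamSiteName"

    # Create the AD security group only if it does not already exist, so the
    # script can be re-run safely when a site is rebuilt.
    if (-not (Get-ADGroup -Filter "Name -eq '$groupName'" -SearchBase $GroupOU)) {
        New-ADGroup -Name $groupName -GroupScope Global -GroupCategory Security `
            -Path $GroupOU `
            -Description "SharePoint '$($t.Level)' access for team site $TeamSiteName"
    }

    # Membership lives in AD, so onboarding/offboarding is an AD group edit,
    # not a SharePoint change.
    if ($t.Members.Count -gt 0) {
        Add-ADGroupMember -Identity $groupName -Members $t.Members
    }

    # Grant the AD group, not individual users, the permission level on the site.
    New-SPUser -UserAlias "$Domain\$groupName" -Web $WebUrl -PermissionLevel $t.Level | Out-Null
    Write-Host "Granted $Domain\$groupName '$($t.Level)' on $WebUrl"
}
```

Usage: `.\New-TeamSiteGroups.ps1 -TeamSiteName Marketing -ContentManagers jdoe -Readers asmith,bjones` (hypothetical script name and user names). Because every site follows the same three-group pattern, an auditor can later enumerate `Get-ADGroup -Filter "Name -like 'SPS.*'"` to review who has which level of access across all sites without touching SharePoint itself.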