amen to that.. i would use > if ($address == your@addy/vhost.here) myself to avoid the impersonation attempts. more secure