I think most SMTP servers these days offer out of the box SMTP authentication, and plugging them into a back end database is relatively straight forward. I also think the majority of the workforce that is mobile uses proprietary solutions to address this already (such as VPN, Microsoft's RPC over HTTPS, etc). Suffice it to say, I think the issue for mobile workers sending email securely was solved long ago. -----Original Message----- All mail must be sent by the authorised servers *only* which, for a mobile workforce ( even mailing from home ) *MUST* use the company servers, which means smtp auth of some kind, or only using a web-based interface. Doable but an administrative nightmare. The alternative is to use an SPF record that allows anything, which is pointless. Just my $0.02 ( and yes, my SPF's ok, sort of! ), Steve