Sounds like we can put it almost into the category of the black-list method of spam control. However, we have to account for idiots using these techniques to get our mail through... I finally managed to sit down and go through the steps this morning on creating a Split DNS, and discovered that we already had one... I hadn't thought of ours as being one before, for some reason I was thinking there was more to it. If we can resolve the same hostname to two different IP addresses depending on where you're querying from, I guess we have one. So, at this point, I'm stuck with fighting with the ISP to get our records updated correctly, or setting up our own "public" DNS server (and then fight to get the ISP to make it the authoritative one)... -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: Monday, April 25, 2005 11:05 To: [ISAserver.org Discussion List] Subject: [isalist] RE: Split DNS Questions... http://www.ISAserver.org Hi Dan, The issue could come up depending on what DNS servers the SMTP servers on the Internet use for reverse lookups. I don't was time on reverse lookups because the method is inhernetly flawed, but that's besides the point. If the DNS servers don't preserve the TTL sent by your DNS agent, then there could be problems. I'm taking a look this week at the RainConnect service that comes with the RoadBLOCK ISA hardware firewall, so I hope to have more insight on how to best approach this problem by the end of the week. HTH, Tom www.isaserver.org/shinder Tom and Deb Shinder's Configuring ISA Server 2004 http://tinyurl.com/3xqb7 MVP -- ISA Firewalls