Wouldn't the best options be to whitelist the sending server's IP address (209.237.227.199).
"FROM" values can be forged, both in the e-mail and in the SMTP envelope. (Of course, we'd be in big trouble if the apache server were hacked or virus infected... but I'm assuming that the security there is top notch...) Rob McEwen
