>Hmm, that would almost mandate that the one be the IP address. After >all, we're talking about an authentication aid here; the bad guy could >change his DNS, make his post, and change it back, for example. Not if you do forward/backward address lookups, right? Or am I confused? /r$