It is only a good audit trail if the audit log can be trusted, though. Given how "secure" things like faxes are, well, that's a thing for another day, I suppose.
Very few things out there in today's interconnected world really provide "hard" security, instead of security theatre/CYA/minor deterrants/"keeping honest people honest".
That is not to say that these things have zero inherent value, at least in my mind, but they are not IMO to be confused with high security (as in military grade versus making a few clever [socially engineered] phone calls).
Even so, much of the modern day business world relies on these things to some degree or another.
As I said, there are already ways to deal with these issues. Unfortunately, most of them are reactive in nature. Despite that fact, I would much prefer to see a LoA, which will have some significant deterrent value, rather than nothing at all. The "security" of faxes has very little to do with it. If twtelecom finds that Jon Lewis over at Atlantic.net is sending in LoA's that turn out to be fraudulent, it is very likely that the level of scrutiny for future LoA's will suddenly increase, maybe involving calls to ARIN, the contact information for the organization in question, etc., to try to further determine the authenticity. On the flip side, if Jon has sent in a hundred LoA's, and none have ever been questioned, the level of scrutiny is likely to be reasonably low. Risk assessment in this environment isn't *that* rough, and worrying about whether or not the trail can be audited/ authenticated, security of faxes, etc., may be excessively paranoid. We do not have an Internet that is designed with "hard" security in mind, so worrying about the easily attacked portions is certainly worthwhile, but let's be thoughtful, rather than obsessive, about it. ... JG -- Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net "We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN) With 24 million small businesses in the US alone, that's way too many apples.