In my mind, a suite of practices to keep one's garbage contained and not all over the neighbor's lawn is a good thing and covers many bases. RPF/BCP38 seems to be the IP level equivalent of blocking ingress SMTP and forcing delivery through outbound-only servers that check the claimed envelope and/or header senders for sanity relative to the authorized sending networks. If so many people are agreeing on BCP38, what's with the resistance about email, clearly an equally polluted swamp? Why would one not want to view the two issues as much the same problem, at different layers? And yes, I was assuming split-brained mail infrastructure to make port-25 filtering much simpler. To counter someone's counterargument, it could boil down to two ACL lines in *many* places, but clearly not all. Said two lines can come right before the one that says "permit ip my-source-only any", couldn't they?? Not in a blanket sense, of course -- these things done *where appropriate* and tuned to known requirements could vastly improve matters, but it seems that even after all these years so many of the appropriate places haven't even been touched let alone fixed. _H*