The really annoying thing is that SPF is techically superior to TXT is lots of ways. 1. It uniquely identifies the roll of the record. 2. As SPF records are singletons you don't need to identify and remove the old record when updating. You can just remove all SPF record and add the replacement. For TXT you need to lookup the existing RRset, extract the v=spf1 record from it. You then need to create a UPDATE message to delete just that record as well as add the new TXT record. You then have to hope that no one else is performing a simultanious update as you may get two TXT v=spf1 records in the RRset. The complains about using SPF is that there are broken firewalls and some servers drop queries for it, some registars don't support it. For firewalls, fix/replace the firewall if you intend to deploy SPF and it doesn't support it. It is total !@##@# that firewall are incapable of handling new DNS record types. New records we exected to occur from the very beginning and have been coming out regularly ever since the DNS was invented. Firewall vendors that are incapable of handling new DNS types are incompetent and do not deserve repeat business. For servers than drop SPF queries they really are at the noise level. When you identify one you complain to the owners of it. Yes, that does work. We needed to do that for AAAA records. For registrars, change registrar to one that does. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@xxxxxxx