Compromised accounts are a problem.  Even when I ask my users to use more complex passwords, they still occasionally get compromised.  I would like the ability to limit what IPs can authenticate under a users account.  Many users these days have static IPs, or they only authenticate from specific networks.  For example.  At home I have a static IP, and whatever dynamic IP my cell phone provider assigns me.  Would be nice if I could tell smarter mail to only allow authentication under my user account if the connection comes from my static IP, or the network of my cell phone provider ( using RDNS to do the lookup ).  I know this could take more effort on managing connections, as users who travel might need the limit disabled temporarly.  But for maximizing security options especially for corporate environments, I think its a great idea.