I was just reading RSnake's recent DNS Rebinding blog posts where he keeps stating "respect the host header". Is he simply meaning to verify that something like $_SERVER['HTTP_HOST'] in a PHP context matches one's domain??

----------------------------------------
I joke about anything that's serious, but I take my joking very seriously.

Yup. Because the victim will end up sending the attacking site's host name to you in HTTP_HOST.