One of the most important reasons that I see for the use of macros is
that it allows the domain owner to conceal the precise policies from the
attacker.
This can be acheived by creative use of 'exists' and macros. For
example, in my SPF record, the first mechanism is a lookup of the sender
of the message. If the sender is not a valid recipient, then the SPF
operation fails. However, the attacker does not know the list of valid
senders, and *cannot* find them out except via a brute force dictionary
attack -- which I might spot and take active countermeasures.
Philip
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname(_at_)©#�«Mo\¯HÝÜîU;±¤Ö¤Íµø�?¡