SPF 应该验证 SMTP 服务器地址还是家庭 PC 地址?
我遇到过这种情况:家用电脑通过 ISP 的 SMTP 服务器发送邮件。电子邮件地址有一个个人域名,仅用于定义电子邮件地址,例如[电子邮件保护]。该域名在 DNS 中从未有过 SPF 条目,因此邮件可以正常接收:
Received-SPF: none
(somedomain.co.uk: No applicable sender policy available)
然而,谷歌会将该邮件视为垃圾邮件,有些人并没有收到它。
为了解决这个问题,我要求 ISP 为该域添加一个 SPF 条目:
somedomain.co.uk. 3600 IN A 81.187.30.xx
somedomain.co.uk. 3600 IN NS primary-dns.co.uk.
somedomain.co.uk. 3600 IN NS secondary-dns.co.uk.
somedomain.co.uk. 3600 IN SOA primary-dns.co.uk. hostmaster.somedomain.co.uk. 2020062608 10800 3600 1209600 600
somedomain.co.uk. 3600 IN MX 20 c.secondary-mx.uk.
somedomain.co.uk. 3600 IN TXT "v=spf1 mx include:_spf_include.aa.net.uk ~all"
somedomain.co.uk. 3600 IN AAAA 2001:8b0:0:30::xxxx:xxxx
谷歌现在对此表示通过
Received: from b-painless.mh.aa.net.uk (b-painless.mh.aa.net.uk. [2001:8b0:0:30::52])
by mx.google.com with ESMTPS id b3si19902773wrv.385.2020.06.26.13.27.59
for <[email protected]>
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Fri, 26 Jun 2020 13:27:59 -0700 (PDT)
Received-SPF: pass (google.com: domain of [email protected] designates 2001:8b0:0:30::52 as permitted sender) client-ip=2001:8b0:0:30::52;
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of [email protected] designates 2001:8b0:0:30::52 as permitted sender) [email protected]
Received: from xx.227.187.81.in-addr.arpa ([81.187.227.xx] helo=MyPC) by b-painless.mh.aa.net.uk with smtps (TLS1.0:ECDHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.92) (envelope-from <[email protected]>)
它正在检查的地址 2001:8b0:0:30::52(在 ISP 批准的范围内)是 SMTP 服务器的地址,而不是家用 PC 的 ipv4 地址(81.187.227.xx)。
但是我的电子邮件提供商在接收来自同一发件人的电子邮件并且仅在 ipv4 地址中工作时会出现软失败。
Received-SPF: softfail
(somedomain.co.uk: Sender is not authorized by default to use '[email protected]' in 'mfrom' identity, however domain is not currently prepared for false failures (mechanism '~all' matched))
Received: from b-painless.mh.aa.net.uk ([81.187.30.52])
by bonn.contextshift.co.uk with esmtps (TLS1.2:RSA_AES_256_CBC_SHA1:256)
(Exim 4.80)
(envelope-from <[email protected]>)
id 1jounn-0006BC-Hh
for [email protected]; Fri, 26 Jun 2020 20:18:23 +0000
Received: from xx.227.187.81.in-addr.arpa ([81.187.227.xx] helo=MyPC)
by b-painless.mh.aa.net.uk with smtps (TLS1.0:ECDHE_RSA_AES_256_CBC_SHA1:256)
(Exim 4.92)
(envelope-from <[email protected]>)
id 1jounn-0000Y1-8v
for [email protected]; Fri, 26 Jun 2020 21:18:23 +0100
在上图中,SMTP 服务器地址 81.187.30.52 在允许范围内(来自 SPF),但家用 PC 81.187.227.xx 不在。
_spf_include.aa.net.uk. 600 IN TXT "v=spf1 ip6:2001:8b0:0:30::/64
ip6:2001:8b0:62::/64
ip4:81.187.30.0/25
ip4:90.155.4.48/31
ip4:90.155.5.1/32
ip4:90.155.4.50/31
ip4:90.155.5.3/32
ip4:90.155.62.16/28 ?all"
因此,在这种情况下,电子邮件提供商的 SPF 检查正在验证家庭 PC 地址。