我们正在尝试在 Google Apps/G Suite for Business 域上设置 DKIM 身份验证,以减少最终进入人们垃圾邮件文件夹的电子邮件数量。我们已生成 DKIM 密钥并在 Google Cloud DNS 中设置它,并已确认它是使用 3 种不同的 DKIM 工具设置的:
他们都说它是有效的,但是当我们尝试开始身份验证时,它显示“电子邮件身份验证未经验证……”我们等待了建议的 48 小时(尽管 DNS 记录在 24 小时前可见且正确)但仍然无法验证。
知道还有什么可能出错吗?
safedoorpm.com如果您想自己检查 DNS,则可以使用该域名。
编辑以添加电子邮件标题 2016/10/21
这是从我们的域发送到 Gmail 的邮件标头。请注意,它仍使用gappssmtpDKIM 的默认域,而不是我们的域:
Delivered-To: [email protected]
Received: by 10.79.95.130 with SMTP id t124csp1047440ivb;
Thu, 20 Oct 2016 14:30:12 -0700 (PDT)
X-Received: by 10.37.231.193 with SMTP id e184mr4430151ybh.13.1476999012850;
Thu, 20 Oct 2016 14:30:12 -0700 (PDT)
Return-Path: <[email protected]>
Received: from mail-yw0-f176.google.com (mail-yw0-f176.google.com. [209.85.161.176])
by mx.google.com with ESMTPS id v62si10092566ybg.141.2016.10.20.14.30.12
for <[email protected]>
(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
Thu, 20 Oct 2016 14:30:12 -0700 (PDT)
Received-SPF: pass (google.com: domain of [email protected] designates 209.85.161.176 as permitted sender) client-ip=209.85.161.176;
Authentication-Results: mx.google.com;
dkim=pass [email protected];
spf=pass (google.com: domain of [email protected] designates 209.85.161.176 as permitted sender) [email protected]
Received: by mail-yw0-f176.google.com with SMTP id u124so527ywg.3
for <[email protected]>; Thu, 20 Oct 2016 14:30:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=safedoorpm-com.20150623.gappssmtp.com; s=20150623;
h=mime-version:from:date:message-id:subject:to;
bh=rxgZTPk8FeVq2/dWzyjPIHnShPXlQzmPnvfbrUzW/Ss=;
b=CJ6/IB1YNKvIsO0sUW8BvWyZZdjTQqBofzgOIbuW3Auo0sWtQB4cgWtzjzltr1SyZO
b+eKJGSrdvRaaaLj7240nZwrVtrmTTlXcx2Qvm2yIp20ilDZWd4pJAAlvSC8wCxDQhYY
1zwn9UcXxuwD2c05El/DSrdJy+mwVlNv4w3D2v+hPSO0CKS7rKYsjFLEJcQrlAjjANnJ
itn3oz6DxasplOSmSX8tIOXSHFNnYaJM5lbUtm9cLOWvffclmeShcTbhu/BWWdg1pFHn
6dXvj6tX7KvbPr9GzH6LnVd71IHe/R65/2VQdqdT0uvJn5KWkc0ziHRlm3HV8JiWXGZf
oyRQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20130820;
h=x-gm-message-state:mime-version:from:date:message-id:subject:to;
bh=rxgZTPk8FeVq2/dWzyjPIHnShPXlQzmPnvfbrUzW/Ss=;
b=IcWYvLXbpDB2CCV40fWymGcvbICsjuJipBhW5d1d9WFAM4jVDsZd+2K5ENwvVM4L20
DDbYoqPIoNBwFIaqIB3Sx30xVgFb7d4k7SVSfRZJctrY6QQyO/k6KaxL6++AAxHPbcNw
jls+G5kzs+62OGQzq6w2Z9VNp6CSEyKqqORsAAjEdwa89v8VLLwyRdUoDxZvpiLAFZ8K
riyjP7ebj5iyKJsuviX24kQ6QEJZh6RAAhILudAw8+vtNM3Ml+UUHOlAqbPPgseUB4qx
9hSv+9uQA8w2v7sDiNVVCOoJa20bXZTsLmqlJB6yC4Bt2kzIeSpg5GcALx8EfuaGBiCu
qo+w==
X-Gm-Message-State: AA6/9RmpTg+BzD0kFfXdFBfUIsAcwb0VxlByb8FBWzHYz/gJotrTZ42AzZtIqsANt5a7rf/hu9In1wdErNHioA==
X-Received: by 10.202.53.68 with SMTP id c65mr8679383oia.57.1476999012386; Thu, 20 Oct 2016 14:30:12 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.202.207.5 with HTTP; Thu, 20 Oct 2016 14:29:31 -0700 (PDT)
From: Mike Totman <[email protected]>
Date: Thu, 20 Oct 2016 15:29:31 -0600
Message-ID: <CAGsv74XyfTOqi7eJ4cCD90Dx8VPvFB1NFLujtCvKgDaCOCT0vQ@mail.gmail.com>
Subject: DKIM test 10
To: Mike Totman <[email protected]>
Content-Type: multipart/alternative; boundary=001a113d4f2877afad053f52a17e
编辑以添加来自 DKIMValidator.com 的输出 2016/10/21
我还尝试向 DKIMValidator.com 工具发送电子邮件,结果如下。请注意,它仍然使用gappssmtpDKIM 的默认域,而不是我们的域:
DKIM 信息:
DKIM Signature
Message contains this DKIM Signature:
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=safedoorpm-com.20150623.gappssmtp.com; s=20150623;
h=mime-version:from:date:message-id:subject:to;
bh=5wQSTkgMlB+S2PAmekAxIh7O+zBt2H5aC2Ft8cNRJWQ=;
b=ItJ0UFj97i19qHEFF9ACB5sQY50iZv9ZJ2J9l4JIgSKkSbd/QOi0OGsRWtMe9p5yU4
vp6z1mgah8DBa+fgCEtTqrOyd+LjaXm0f6FJXyJiV+E7FcdpJ1bSEHyzRlulR0TLqJ/E
LK0JDXSFNCSUTrWVsrGxIKo7HscI+jY5CR/nTf9cRvTj9Z22lFeukAvVpuhSz88XQeBX
2TXk2I+p21+L0xAbv0x4OCDgWM5W4WRJUqGi0+gu/IhQBomi/e7wEYZ2f+lvNKRpRggU
QD2dv15fCibJ3jufVBglpCx9En94UlPuiZqaCi0qqriLnhV/76iBMajI+WyelCG2SimU
Ht6g==
Signature Information:
v= Version: 1
a= Algorithm: rsa-sha256
c= Method: relaxed/relaxed
d= Domain: safedoorpm-com.20150623.gappssmtp.com
s= Selector: 20150623
q= Protocol:
bh= 5wQSTkgMlB+S2PAmekAxIh7O+zBt2H5aC2Ft8cNRJWQ=
h= Signed Headers: mime-version:from:date:message-id:subject:to
b= Data: ItJ0UFj97i19qHEFF9ACB5sQY50iZv9ZJ2J9l4JIgSKkSbd/QOi0OGsRWtMe9p5yU4
vp6z1mgah8DBa+fgCEtTqrOyd+LjaXm0f6FJXyJiV+E7FcdpJ1bSEHyzRlulR0TLqJ/E
LK0JDXSFNCSUTrWVsrGxIKo7HscI+jY5CR/nTf9cRvTj9Z22lFeukAvVpuhSz88XQeBX
2TXk2I+p21+L0xAbv0x4OCDgWM5W4WRJUqGi0+gu/IhQBomi/e7wEYZ2f+lvNKRpRggU
QD2dv15fCibJ3jufVBglpCx9En94UlPuiZqaCi0qqriLnhV/76iBMajI+WyelCG2SimU
Ht6g==
Public Key DNS Lookup
Building DNS Query for 20150623._domainkey.safedoorpm-com.20150623.gappssmtp.com
Retrieved this publickey from DNS: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2UMfREvlgajdSp3jv1tJ9nLpi/mRYnGyKC3inEQ9a7zqUjLq/yXukgpXs9AEHlvBvioxlgAVCPQQsuc1xp9+KXQGgJ8jTsn5OtKm8u+YBCt6OfvpeCpvt0l9JXMMHBNYV4c0XiPE5RHX2ltI0Av20CfEy+vMecpFtVDg4rMngjLws/ro6qT63S20A4zyVs/V19WW5F2Lulgv+l+EJzz9XummIJHOlU5n5ChcWU3Rw5RVGTtNjTZnFUaNXly3fW0ahKcG5Qc3e0Rhztp57JJQTl3OmHiMR5cHsCnrl1VnBi3kaOoQBYsSuBm+KRhMIw/X9wkLY67VLdkrwlX3xxsp6wIDAQAB
Validating Signature
result = pass
Details:
答案1
在与 Google 支持人员沟通后,我最终尝试使用 1024 位 DKIM 密钥,而不是 2048 位密钥。这有效。
我注意到的一件事是,1024 位密钥的 DNS 记录都是一个字符串,而我必须将 2048 位密钥拆分为同一条记录中的多个字符串。我的理论是,Google 管理控制台无法正确识别这一点,因为我使用的其他工具(问题中的链接)验证了这一点。
答案2
KIM-签名:v=1;a=rsa-sha256;c=relaxed/relaxed;d=safedoorpm-com.20150623.gappssmtp.com;s=20150623;
请注意,“d=”标签中有safedoorpm-com.20150623.gappssmtp.com
我遇到了同样的问题,将 DKIM 签名更改为 1024 后,现在所有电子邮件中的 d 标签都是域,而不是 gappssmtp.com 中的子域。
答案3
我最近遇到了类似的问题,原来是复制/粘贴问题。
如果你双击 Google 的 TXT 记录值进行复制,它会复制你的 DKIM 记录和还将从 DKIM 文本后面的按钮复制文本“生成新记录”。
因此,在将您的 DKIM 密钥粘贴到域 DNS 设置之前,最好将其粘贴到文本编辑器中,并确保文本字符串的末尾是您的准确 DKIM 记录,末尾没有任何多余的文本标记。或者,为了安全起见,请先按照问题中的建议在 dkimcore 上检查您的 DKIM 核心密钥记录,确保它已验证,然后将其添加到您的 DNS。