我使用第三方 ESP 发送邮件,并已配置我的域名 www.styleupdates.co 以包含来自他们的 SPF 记录。第三方电子邮件程序正确显示我们的 SPF 记录,发送到 gmail 的电子邮件也在正文中显示 SPF PASS。但在 google postaster 工具中,我的域名邮件的 SPF 身份验证失败。
如上图所示 - DKIM 已验证但 SPF 尚未验证。
我还附上了我们通过发送邮件从 mail-tester 获得的结果的图片。Mail-tester 显示 SPF 和 DKIM 正常,但 DMARC 异常。其他身份验证也正常。因此我们的域名确实存在 DKIM 和 SPF 记录。
以下邮件标题的标题截图 -
附加我遇到问题的邮件标题
Delivered-To: [email protected]
Received: by 10.37.128.144 with SMTP id n16csp204841ybk;
Mon, 22 May 2017 03:09:59 -0700 (PDT)
X-Received: by 10.223.153.181 with SMTP id y50mr10793028wrb.41.1495447799437;
Mon, 22 May 2017 03:09:59 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1495447799; cv=none;
d=google.com; s=arc-20160816;
b=jR65lEEdRaQ4M2xmeNxaCBq/c+5d1KbvQ4CSQUzdtsaZVS7ZBYFarG2b3FEsR8uINB
5xvJy/DKVjgqfBHLSRNtAef4puwfZJwWTOXktWSf0/a9oIWx2bh3wGsyT/Yjglk7Zrq2
TSFS7xDAAGtQsv4+jJ/pO/JMfoH5abq+YyXdS3buxZ7J6ilQwfpLKH+ayrwR/jiGl1Ec
598e4X6H449qVOItmGrb8Dq5SFiIJWQheWYiMEEXrSTVknzlZe0E1F+k+xsEQEnnbiif
szmml5vbYulRP/fdc6WYUP4z3yQxj3n6uMj9lDBPBqIhaOUayV2yMmp/bh3LoMsg5ZZc
T+Ug==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
h=content-transfer-encoding:precedence:list-unsubscribe:list-id:date
:subject:to:reply-to:from:mime-version:message-id
:domainkey-signature:dkim-signature:arc-authentication-results;
bh=raKzdgPcSVRNwNmew4PEt+UNx4UiRM1tL8RVngiKXV0=;
b=k4XnFTCDquva32Z0YVVcIzV5sYuvWoyw8tDo+4g0mKxZPa+kQsXljEd3wb5bjzvmEi
aZUBjZTQOWY/TLYpKEdzqaE8a6yP8QpxD0M52uhZA/j9GD2VaP0cLhbT68NRC1czS/3B
F/ofJXnxoU3266eNxliLYb8qdCdCvMZwW/ml1n6+buoOvZHAzGNOLtTW9yAT5XqOZMQX
IQ53gF7QUpvLVZL7kvLZ6uxVweSoeSiXh9Yh7JhOvTFAtnxslhiG6FVJlAXz2P1vK5vP
LQp1AJjVk5AthpPDntyQKGSO54gK/JaoXXaZnDERqBc6iG2uTeykLZJIcCrZHbpkvBQ2
UIcg==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass [email protected];
spf=pass (google.com: domain of b8449512.aesaaghgqumaaaajkycaaaajii8aaaaakreaaaoaaahstqbzirj5@xyz.espdomain.com designates XX.XXX.233.167 as permitted sender) smtp.mailfrom=b8449512.AEsAAGhGquMAAAAJkycAAAAJiI8AAAAAKREAAAOAAAhstQBZIrj5@xyz.espdomain.com;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=styleupdates.co
Return-Path: <b8449512.AEsAAGhGquMAAAAJkycAAAAJiI8AAAAAKREAAAOAAAhstQBZIrj5@xyz.espdomain.com>
Received: from o167.p8.mailjet.com (o167.p8.mailjet.com. [XX.XXX.233.167])
by mx.google.com with ESMTPS id g7si94075wrg.68.2017.05.22.03.09.59
for <[email protected]>
(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
Mon, 22 May 2017 03:09:59 -0700 (PDT)
Received-SPF: pass (google.com: domain of b8449512.aesaaghgqumaaaajkycaaaajii8aaaaakreaaaoaaahstqbzirj5@xyz.espdomain.com designates XX.XXX.233.167 as permitted sender) client-ip=XX.XXX.233.167;
Authentication-Results: mx.google.com;
dkim=pass [email protected];
spf=pass (google.com: domain of b8449512.aesaaghgqumaaaajkycaaaajii8aaaaakreaaaoaaahstqbzirj5@xyz.espdomain.com designates XX.XXX.233.167 as permitted sender) smtp.mailfrom=b8449512.AEsAAGhGquMAAAAJkycAAAAJiI8AAAAAKREAAAOAAAhstQBZIrj5@xyz.espdomain.com;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=styleupdates.co
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/simple; q=dns/txt;
d=styleupdates.co; [email protected]; s=mailjet;
h=domainkey-signature:message-id:mime-version:from:reply-to:to:subject:date:list-id:list-unsubscribe:
precedence:x-csa-complaints:x-feedback-id:x-mj-mid:content-type:content-transfer-encoding;
bh=9ccfNUbYCGFDKDbtTKzdcPmYng0=;
b=sh2iXOwf6u7CICMFgWSMdLN+w8iN+yzy5tYugLKxqJPiQIuLCPirfYdJZ HK855coki37OUnP0S0y6LTGZhkS5SlfnN29kmqigU9PTYzB21MWSz5MRwO74 OHmrr99eCTnWXELxZw7uzJXF63V4Z96RTRyWhXIgnuyOUQtXl9Z3cU=
DomainKey-Signature: a=rsa-sha1; c=simple; q=dns;
d=styleupdates.co; s=mailjet;
h=message-id:mime-version:from:reply-to:to:subject:date:list-id:list-unsubscribe:
precedence:x-csa-complaints:x-feedback-id:x-mj-mid:content-type:content-transfer-encoding;
b=FKzkLJqnzLlfTTA4dN0czHSIl0xWbDQ3XhfJjbPjl/fhFAqfoIfT1NK6F XlTn8zScoH6nPgXVBiWJOXbFTpPqm5gpcFjfDuvAFyY/E5c/uhPzHugP7+tH LZV/eaXjxGsgrCYfHYuVTzIB+Ak2/Xp6v0JgDokvJ7yiyV+9ra6eaM=
Message-Id: <b8449512.AEsAAGhGquMAAAAJkycAAAAJiI8AAAAAKREAAAOAAAhstQBZIrj5@mailjet.com>
MIME-Version: 1.0
From: Sender <[email protected]>
Reply-To: sender @styleupdates.co
To: [email protected]
Subject: interesting Subject
Date: Mon, 22 May 2017 10:10:01 +0000
List-Id: <sender.styleupdates.co.xxxx.xx>
List-Unsubscribe: <mailto:[email protected]>
Precedence: bulk
X-CSA-Complaints: [email protected]
X-Feedback-Id: XXXXXXXXX:XX
X-XX-Mid: AEsAAGhGquM XXXXXXXXX XXXXXXXXX XXXXXXXXX AAAOAAAhstQBZIrj5k16OnCF1Tvabc3vSUVRKJwAIAgU
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: quoted-printable
答案1
配置我的域名 www.styleupdates.co,以包含来自他们的 SPF 记录
不,你还没有:
$ dig www.styleupdates.co TXT
; <<>> DiG 9.10.3-P4-Debian <<>> www.styleupdates.co TXT
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 20064
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.styleupdates.co. IN TXT
;; AUTHORITY SECTION:
styleupdates.co. 3594 IN SOA dns1.registrar-servers.com. hostmaster.registrar-servers.com. 2017100300 43200 3600 604800 3601
;; Query time: 207 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Oct 05 13:21:26 AEDT 2017
;; MSG SIZE rcvd: 121
除此之外,如果没有看到整个邮件头,就不可能确定到底发生了什么。
答案2
在您提供的标头中,看起来Authentication-Results不错。我不认为该标头集说明了您的问题?
说实话,我无法弄清楚您是如何进行测试的,以解释不同的结果。您向许多不同的系统发送了邮件。具体怎么做的?这些电子邮件是什么样子的?从哪里发送的,从哪个地址发送的?
一般来说,如果 DKIM 和 SPF 通过,但 DMARC 未通过,那么我首先要寻找的是域对齐。通过 SPF 和 DKIM 测试的域是否与FromMIME 标头中找到的域匹配?
列表中的标头ARC*很有趣。我认为除非 Google 转发了电子邮件,否则它不会添加这些标头。它们存在是为了处理转发的电子邮件来自新服务器(破坏 SPF)和/或内容被修改时出现的问题——例如当邮件列表在主题标头中放置标签并在正文底部添加取消订阅链接(破坏 DKIM)时。ARC 很有趣,不会造成伤害,但只有在接收邮件服务器识别它时才会有所帮助。
继续
DMARC 仅识别针对 From 标头域的 SPF 传递。您的 SPF 记录包括styleupdates.co,spf.mailjet.com因此在您提供的标头示例中看起来没问题,但这就是我们知道通过的(谷歌这么说)。
我想知道哪个 IP 直接发送到 mail-tester.com?看起来 mailjet.com 正在针对您的域名进行 DKIM 签名,而谷歌很高兴它是正确的。那么您的测试中发生了一些不同的事情吗?您确定电子邮件直接从 发送到mailjet.com吗mail-tester.com?
在 mail-tester.com 结果页面中,我会点击一些+标志来获取有关已执行的 DKIM、SPF 和 DMARC 测试的更多信息。看起来您还可以打开有关收到的邮件的更多信息?