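Today I received an email that appeared to come from an account on our domain, but after analyzing the email headers I found that it came from a different server and user.
The email was sent from a real owned domain to a real account on a domain I own.
How is this possible?
How can I avoid this problem?
For security reasons, the email headers are partially redacted: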
Received: from SN6PR06MB4765.namprd06.prod.outlook.com (2603:10b6:805:ca::39)
by SN6PR06MB4765.namprd06.prod.outlook.com with HTTPS via
SN6PR16CA0062.NAMPRD16.PROD.OUTLOOK.COM; Thu, 24 Jan 2019 17:27:23 +0000
Received: from DM6PR06CA0047.namprd06.prod.outlook.com (2603:10b6:5:54::24) by
SN6PR06MB4765.namprd06.prod.outlook.com (2603:10b6:805:9e::23) with Microsoft
SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.20.1558.17; Thu, 24 Jan 2019 17:27:21 +0000
Received: from BL2NAM02FT029.eop-nam02.prod.protection.outlook.com
(2a01:111:f400:7e46::204) by DM6PR06CA0047.outlook.office365.com
(2603:10b6:5:54::24) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1558.16 via Frontend
Transport; Thu, 24 Jan 2019 17:27:20 +0000
Authentication-Results: spf=pass (sender IP is 66.96.184.5)
smtp.mailfrom=eigbox.net; **myrealdomain.com**; dkim=none (message not signed)
header.d=none;**myrealdomain.com**; dmarc=fail action=oreject
header.from=**myrealdomain.com**;compauth=fail reason=000
Received-SPF: Pass (protection.outlook.com: domain of eigbox.net designates
66.96.184.5 as permitted sender) receiver=protection.outlook.com;
client-ip=66.96.184.5; helo=bosmailout05.eigbox.net;
Received: from bosmailout05.eigbox.net (66.96.184.5) by
BL2NAM02FT029.mail.protection.outlook.com (10.152.77.100) with Microsoft SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.20.1558.11 via Frontend Transport; Thu, 24 Jan 2019 17:27:20 +0000
Received: from bosmailscan09.eigbox.net ([10.20.15.9])
by bosmailout05.eigbox.net with esmtp (Exim)
id 1gmime-0001Df-40
for **[email protected]**; Thu, 24 Jan 2019 12:27:20 -0500
Received: from [10.115.3.33] (helo=bosimpout13)
by bosmailscan09.eigbox.net with esmtp (Exim)
id 1gmime-00083z-09
for **[email protected]**; Thu, 24 Jan 2019 12:27:20 -0500
Received: from bosauthsmtp06.yourhostingaccount.com ([10.20.18.6])
by bosimpout13 with
id UHSH1z00E07rX7u01HSLMQ; Thu, 24 Jan 2019 12:26:20 -0500
X-EN-SP-DIR: OUT
X-EN-SP-SQ: 1
Received: from [190.146.197.219] (port=9098 helo=10.1.29.91)
by bosauthsmtp06.eigbox.net with esmtpsa (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256)
(Exim)
id 1gmilb-0004Nx-Pw
for **[email protected]**; Thu, 24 Jan 2019 12:26:17 -0500
Date: Thu, 24 Jan 2019 12:26:21 -0500
**From: Presidencia <[email protected]>**
Thanks in advance.
Answer 1
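Forging the From: header is easy.
Only DKIM (+ DMARC) on your domain would help, and only for recipients that actually check DKIM and DMARC.
DKIM will include a digital signature based on several headers, including From:. The recipient can look up the public key in your domain's DNS and verify the signature.
DMARC will specify a policy for what to do when DKIM (and SPF) fail.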
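An added example (not part of the original question or answer): it re-derives the DMARC verdict from the Authentication-Results header in the question, showing why spf=pass for eigbox.net does not help a message whose From: is myrealdomain.com. The function names, the two-label organizational-domain shortcut, and the second (signed) sample header are assumptions made for illustration.

```python
import re

# Authentication-Results value from the question, with the ** redaction markers removed.
QUESTION_HEADER = (
    "spf=pass (sender IP is 66.96.184.5) smtp.mailfrom=eigbox.net; "
    "myrealdomain.com; dkim=none (message not signed) header.d=none;"
    "myrealdomain.com; dmarc=fail action=oreject "
    "header.from=myrealdomain.com;compauth=fail reason=000"
)
# Constructed sample: the same message if the owner's domain had DKIM-signed it.
SIGNED_HEADER = (
    "spf=pass (sender IP is 66.96.184.5) smtp.mailfrom=eigbox.net; "
    "dkim=pass (signature was verified) header.d=myrealdomain.com; "
    "dmarc=pass action=none header.from=myrealdomain.com"
)

def parse_auth_results(value):
    """Extract method results and the identities they were evaluated against."""
    fields = {}
    for key in ("spf", "dkim", "dmarc", "smtp.mailfrom", "header.d", "header.from"):
        m = re.search(r"(?<![\w.])" + re.escape(key) + r"=([^\s;()]+)", value)
        fields[key] = m.group(1).lower() if m else None
    return fields

def org_domain(name):
    """Simplified organizational domain: last two labels (assumption, no PSL lookup)."""
    if not name:
        return None
    return ".".join(name.rsplit("@", 1)[-1].split(".")[-2:])

def dmarc_evaluate(value):
    """Re-derive DMARC: a pass only counts if its domain aligns with From:."""
    f = parse_auth_results(value)
    from_dom = org_domain(f["header.from"])
    spf_aligned = f["spf"] == "pass" and org_domain(f["smtp.mailfrom"]) == from_dom
    dkim_aligned = f["dkim"] == "pass" and org_domain(f["header.d"]) == from_dom
    return {
        "from": f["header.from"],
        "spf_aligned": spf_aligned,
        "dkim_aligned": dkim_aligned,
        "dmarc_pass": spf_aligned or dkim_aligned,
        "reported": f["dmarc"],
    }

if __name__ == "__main__":
    for label, hdr in (("question", QUESTION_HEADER), ("signed", SIGNED_HEADER)):
        print(label, dmarc_evaluate(hdr))
```

For the header in the question, both alignment checks come out false, which matches the dmarc=fail the receiving server reported; whether such a message is then rejected depends on the DMARC policy published for the From: domain.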