使用 DKIM 和 SPF 进行锁定,并收到看似由我们的 DKIM 签名的电子邮件

tag-icon tag-icon dkim
使用 DKIM 和 SPF 进行锁定,并收到看似由我们的 DKIM 签名的电子邮件

我们收到的这封电子邮件绝对是垃圾邮件/欺骗我们的东西(我还没有设置 DMARC,也没有在另一家为我们发送电子邮件的服务上完成 DKIM 的设置)。我不明白他们是如何签署他们的东西的,所以 gmail 认为它是由 orderlyhealth.com 签名的

在此处输入图片描述

我确实将 DNS TXT 记录粘贴到了论坛中,但据我所知,该 DNS 记录无论如何都可以通过 DNS 查询公开获取。我该如何解决这个问题?

我的意思是,我可以生成另一个 DKIM,但这个是 2 天前新生成的。有人知道我们是如何签名的吗?

这是更详细的输出。我也不确定 s=arc20160816 是什么?

Delivered-To: [email protected]
Received: by 2002:a6b:5001:0:0:0:0:0 with SMTP id e1csp1947026iob;
        Fri, 21 Feb 2020 05:04:06 -0800 (PST)
X-Received: by 2002:ac8:7b45:: with SMTP id m5mr32434623qtu.360.1582290246056;
        Fri, 21 Feb 2020 05:04:06 -0800 (PST)
ARC-Seal: i=3; a=rsa-sha256; t=1582290246; cv=pass;
        d=google.com; s=arc-20160816;
        b=bvvshqe0Y8Uniim1d8GKdZU7oqyDn0298i8qhPkP73I+A2vePpiF22VkubNgGlWSUD
         bNtas4I6zYKQU/d7uxhQuHbbyFx2HMUR4n1xf6QyP719+GlCu3PcSi8BkNWZRkEXHFxw
         92DF3KJtwxW6YVcglD+jjVOR5gsXjEpJlfBqrxa0Rl4Q+C0/tmLWpVFCmltz87se+8Za
         m6YrD+/iJp1OjilSD54V3OBK0KQqV9VzxuGxxMkxPBuKkYj73nM112E6pp/QVJ5me/TJ
         BM8lGsGK2ZglS1T6+TtEvKv7yaj3MlhhL6s9ClWQHTFg2XSSqVQULBtCaxPIOwKVPLfN
         CvLQ==
ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
         :list-id:mailing-list:precedence:reply-to:references:mime-version
         :subject:message-id:to:from:date:dkim-signature;
        bh=o+BHhaX/uRUnoG19hCZjf0gaI+eThuTb2hVLwjdhJ3w=;
        b=UuS0+uU5YLc47u5c5BUaVqUgPFUmHgbBfmdLBm6afmXpiFWlmP8f2q65AdT/N5eG6D
         z/Co8HUH6ofQ76w/LV4fNc4Jy2KUzK+MA++/6I33Gt9MK6JIaKJSejWOnCrMCOhCyhVU
         Rmo6xhvDCkHGY/0tr+etMMssZK+CV3LnitgDSOphKFma5Gdlb4cVoV3F9vfXtFa4Jwun
         XAt/6rZTzDKY16NsEMgs+FHbeyX6W4BM2JVAjH3UOAMBZjW1ImGQJ9dl/f0rWzcVa0Ix
         nIUkedzzZkzwe1qXC2lpqFwquP3MI6sGZ9c7r4DfJ6jpmqoCxPi5YcqKFMhQfkiSCNnU
         l1Cw==
ARC-Authentication-Results: i=3; mx.google.com;
       dkim=pass [email protected] header.s=google header.b="IAZPaAZ/";
       arc=pass (i=2 spf=pass spfdomain=aol.com dkim=pass dkdomain=aol.com dmarc=pass fromdomain=aol.com);
       spf=pass (google.com: domain of [email protected] designates 209.85.220.69 as permitted sender) smtp.mailfrom=feedback+bncBAABBRFKX7ZAKGQEUPI2JGI@orderlyhealth.com
Return-Path: <[email protected]>
Received: from mail-sor-f69.google.com (mail-sor-f69.google.com. [209.85.220.69])
        by mx.google.com with SMTPS id r145sor2399960qke.204.2020.02.21.05.04.05
        for <[email protected]>
        (Google Transport Security);
        Fri, 21 Feb 2020 05:04:06 -0800 (PST)
Received-SPF: pass (google.com: domain of [email protected] designates 209.85.220.69 as permitted sender) client-ip=209.85.220.69;
Authentication-Results: mx.google.com;
       dkim=pass [email protected] header.s=google header.b="IAZPaAZ/";
       arc=pass (i=2 spf=pass spfdomain=aol.com dkim=pass dkdomain=aol.com dmarc=pass fromdomain=aol.com);
       spf=pass (google.com: domain of [email protected] designates 209.85.220.69 as permitted sender) smtp.mailfrom=feedback+bncBAABBRFKX7ZAKGQEUPI2JGI@orderlyhealth.com
ARC-Seal: i=2; a=rsa-sha256; t=1582290245; cv=pass;
        d=google.com; s=arc-20160816;
        b=HrjnGBJO93TjEeQKQ+eEi4EMWoiirXDmkGZyZtUkzvXMwLdui9ZZn2Yz+niGOI4znU
         FIFjlVnXnq64V8kzcnkn//O8yEDXVEO2nA9efPd/RZWBN1MJjYRHBlSCGh8wndAQ8J4+
         7m6oFf4P99PJ91oUNk49b1tSURYYoUEFPe51QPYKtFDmO0x+d3ddI21GOhVtYrLaaW1E
         S8HCDhIRJAEhT3lGT6jIEZJMtpCNkGchlbIrDevGvv8RUVvn3fwk8m9CaOcL0jvSzoa7
         IeQ8PQ6M1+9OGfxPLY4jgZOCaVxnZfKoxGzO4U0+jbBDcj0Kj5ao2JZ4e6Ua9Y8tR4tO
         9AGA==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
         :list-id:mailing-list:precedence:reply-to:references:mime-version
         :subject:message-id:to:from:date:dkim-signature;
        bh=o+BHhaX/uRUnoG19hCZjf0gaI+eThuTb2hVLwjdhJ3w=;
        b=uSuHz78h1ffeLXb463HK8vEkVgfSGktSAcWE1iE2F+pShTj6vdLek43chmlK2hW51z
         bSEZ9oyNWmjvBcY32sdJ55vAo3jkS0DsJGekZ1SfNNzVdOj6h0rCN1WuRaYmwu1tSI/u
         WhYepwYixaUThWE/RA4ZIvgdVMoGWTWklI4QVqnB+Q0tbGJ1OlzYKIQJoaY/GtKYYzDT
         4CMJPd0I+94eKVm2S5UAbkBEebv3asHYdsocn0txA/EpyGrho1bHD3gG4dBGsN9q3Mdr
         vH4xLK4JXh2EHg770rn19QaGQ4Tg496jTPOKiH49HplAGFmvurHEwXmmTetoWFmztCLC
         bYDw==
ARC-Authentication-Results: i=2; mx.google.com;
       dkim=pass [email protected] header.s=a2048 header.b=emKsZo83;
       spf=pass (google.com: domain of [email protected] designates 74.6.135.41 as permitted sender) [email protected];
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=aol.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=orderlyhealth.com; s=google;
        h=date:from:to:message-id:subject:mime-version:references
         :x-original-sender:x-original-authentication-results:reply-to
         :precedence:mailing-list:list-id:list-post:list-help:list-archive
         :list-subscribe:list-unsubscribe;
        bh=o+BHhaX/uRUnoG19hCZjf0gaI+eThuTb2hVLwjdhJ3w=;
        b=IAZPaAZ/WUaejaVM9hWRc8Mmnd0HyoxMZmajftg74JtWUQG+UGsrN5u86M2ygl2FSc
         0xoZgJ3Y4lXPft9XY4K8Am7FwRbBnQEu6C0/e7b3iJM27pUwkNs/EMZkiZQa8ANgC14b
         /0U8BFsdnD9urqKPpPqUZKzu8TNzuUx5I1iuijTURbw/9eI/ucfFj+UzPxvN0HhADpXM
         XXi/h2Vooo1OI2MuHhMZOCER1gf2StsTE6tqku41W02lgBZUyLvyql24/HYsyml9SahK
         HGuDCV+H32e8y3SOf08xh3OZcDPyxSs+79Tk0HWv23K/q7Om8NdAilPgEBX9rdbM2t05
         CNPg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:date:from:to:message-id:subject:mime-version
         :references:x-original-sender:x-original-authentication-results
         :reply-to:precedence:mailing-list:list-id:x-spam-checked-in-group
         :list-post:list-help:list-archive:list-subscribe:list-unsubscribe;
        bh=o+BHhaX/uRUnoG19hCZjf0gaI+eThuTb2hVLwjdhJ3w=;
        b=V2XV9PuGtu7Nx7qBVwYw0v343y02ghIEau3AfDMDu5p0gS2SCXadBEhkdM5lBS/x60
         ULndSssSsmACnnQLoCmOfcYv3ztTl9DQTRrOS1FNh36jcZnNtDA7zuAV9H6uHsb2xVzi
         sEE4UDtc9M2Qnc8K6yClZuVpjj9Be+4E0/2OGPVPc0ZRcEfOcluD5SCsgMorxEboRpmh
         W9LPyQtu8UHEDl40hDI6gvGU4lGrfYqX5ABLbYEV6rkTeZw8DA4pedP3JlIvukxuVaeG
         ZR5SyWIUEocQfm3o6mKwj0j7koO0TQLW2eQMk3FjUGsrCLf1vLaoBc0BvPgaIaz6+Hei
         swog==
X-Gm-Message-State: APjAAAVXv7rfrJWWeH4DALmtuGKw10JItkCWTmhOJA/DttBJCUjg3iJa O4UZUAEMH+n0JurZYSj2BETwSyI=
X-Google-Smtp-Source: APXvYqxzIg8yD5Fbvg2l4ZtzJYzsgrZ13izO+9hff5n6r3rWYRsqj9qx5XKSRQ9IA099ey/w1c5BOQ==
X-Received: by 2002:a37:4ce:: with SMTP id 197mr33148857qke.269.1582290245238;
        Fri, 21 Feb 2020 05:04:05 -0800 (PST)
X-BeenThere: orderlyhealth.com
Received: by 2002:ad4:42c4:: with SMTP id f4ls450657qvr.10.gmail; Fri, 21 Feb 2020 05:04:05 -0800 (PST)
X-Received: by 2002:a05:6214:b82:: with SMTP id fe2mr25983273qvb.35.1582290244028;
        Fri, 21 Feb 2020 05:04:04 -0800 (PST)
X-BeenThere: [email protected]
Received: by 2002:a37:6550:: with SMTP id z77ls1078681qkb.10.gmail; Fri, 21 Feb 2020 05:04:03 -0800 (PST)
X-Received: by 2002:a37:4fc3:: with SMTP id d186mr34983318qkb.100.1582290240711;
        Fri, 21 Feb 2020 05:04:00 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1582290240; cv=none;
        d=google.com; s=arc-20160816;
        b=LpdcX4j2wKD56mtNgthN2w5TVpRsKTCN9hNVQDnecTeFW7xZvaPXhchXz4Dn6UIwUL
         NJYL991vfhnXxr3vFRgaowFwZugsqI4c7zPy1EMfURNKZSn+8j8eL6R6rMo1odoV4pPE
         8DxC6xEMGiIPSFkTuW1Oo65nUOyO/vzotDK1Mhkupniu5Qy8wLNenY7qpcE7B5Na9BXn
         EGWmenzmiSHr2B864PoT0Skzs0j74jMduVGZTof8DtVC+MxF1jaU58GWcQHCcUl2JJHl
         v+NdxWUSlRbxcHXmBmdFqe9qZwj6zUr39+OfJq4wv1rPRjLtGLyihL0AdJMzwLCJK9Wb
         FZPA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=references:mime-version:subject:message-id:to:from:date
         :dkim-signature;
        bh=o+BHhaX/uRUnoG19hCZjf0gaI+eThuTb2hVLwjdhJ3w=;
        b=Ef09qd/Uc9Bcw8+GaDeseFJ9wR7IIAzyUAfqFTb/0xfwWRPRm8700nHw7IcJbWEZh7
         w5qvyjwQGGidQMYQT7C3UH8kXiU7P0VG1/lHsaJ9gigRw22G9SLtwTIi/C8FYMbrOpMB
         xvx9v178RbdHgi6Vuq/JvBtAKzw+DYUl/3C3v/IbEG+ebj2Eppdxc7OvkEh+KAhRY3QF
         2LzaDwhMtblMGcwkEd2aMGdKcmaPYinA/B64o0gE+LGYn1pQbMDS+Q3x00c7gQx32G1z
         Vh36st5JyqS4+2vDSwRTS/Gk49WibbqHVecQIy4HSCsjH3Y3nCs0wxev83vMMLWjBRqV
         uV9g==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass [email protected] header.s=a2048 header.b=emKsZo83;
       spf=pass (google.com: domain of [email protected] designates 74.6.135.41 as permitted sender) [email protected];
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=aol.com
Received: from sonic302-2.consmr.mail.bf2.yahoo.com (sonic302-2.consmr.mail.bf2.yahoo.com. [74.6.135.41])
        by mx.google.com with ESMTPS id g5si1394012qto.185.2020.02.21.05.04.00
        for <[email protected]>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Fri, 21 Feb 2020 05:04:00 -0800 (PST)
Received-SPF: pass (google.com: domain of [email protected] designates 74.6.135.41 as permitted sender) client-ip=74.6.135.41;
X-YMail-OSG: eIMotm8VM1lJRGZ6HkOePTinhGTSwUpqW3g0AaIVpUBzAkbnX_YdaTiqth4rij2 QEhqgw83g6cToWHo0_kHoMl5yMWPX.YASm8NYFzeCbbNGOGrFJYljIUVZbXIiGp.KE0aqZVARXlO ooTOCkOBgQVLWKDqNZUx2ZI9w0_pHkc41NNJSSlJmF_bWE4C33xlYkMk0O8kiFR_Ry_veSvX5g7k owgwN2L8PYia5s.vN_7jptvAWsb4FvnnoktaFpU9K5qwxUQZ8VFuw0LRAT3._s9H4zVjwEO6IsRe KKUB0FDI1CBEcmgHWGj6cLnW.FRRcE5hyOTHiiBC5uETyIWjrRzS5nXhv0.Jme5mKKcZTduLbkM2 fbf3jG_0Mq_Sh2rZKQqgLj0.ajBYxtdEtDYBkkTsjLq6z9X.YGQTWnsg10PIW4O88MeJMRrUpE3D 1r88rDRP4vsGtR4U2WWxPKoBQ5fFR7.F9WkxOUnFPOZTOY3s8oE8K6ZeXKcj5uq1g9.INIx8TxQ8 TZ4.i8sEfxkf0EmDxBjoQu0PCSEenLqMzP.Xhsq1Q9QzZ8znIFp2VOxok21pxh2XRnxdw.zNrcbg a9.5ga1l42x4rSeGh7Ev42twsIU6M2FHgydnG.SzB._kXRFIBTwJNQmEqiQ1LQE_vEV0oKBRTlxt AIZGFCyTD2FqsVnjRSdwQf0JQHmZd_DDCFhwrIx91cg8cOpCnYxUesUx8.cTqEcaVvWLu9Bgs834 m0kJc7yFVPtq_TJ11HlmnvCx0TVkEaTTOU5mkMV510XiQzUu5dEDhORyQco4XHuWTUeJmmN_ABYt MtnTSO.xbJybFao8niPdtsX70HnUaJASmyWFZnmiYxspcYVc94kGW45QG1i7C.mdl2AKqH_x7PJY OTg82GixgroOsHdRQW5ar.TF0DVdKWenptUQigXz7tNUJxSpLCbWdJGvwf_YV7C_gB6BFZT3aAfi ZVZBsdyDJ1nLMmZLvQuZjpa41kxjD7XdUGPR3O7PIF2lwrvYOZ33fyBvJRMKTRO67Rcy2OVZgeBX jHYBQCQf2zaSacLwiL1aTyX1KXkcS0sTqhOM.EkIyWpcjlI0zvpCU4xfv2zJaGRrWqtSec.SySzy YRFHk.k4JM.i.hXpb8HgzspqvfzyeNbddAvBJaOeEZwrrkwuCWQYpqoRczzy4qeNzXoOHHADaN3J JIJl75MnWUx78hs23ev7TYuhTg1J.k4y56WBeq1uW42kk5ov.tGNM0vPTQypqxiqvkr9fMKY0RTR C2FFpYa2BK85McjhbQeJMjN2olmQD5IisSGAAJ42YBWXqvQ--
Received: from sonic.gate.mail.ne1.yahoo.com by sonic302.consmr.mail.bf2.yahoo.com with HTTP; Fri, 21 Feb 2020 13:04:00 +0000
Date: Fri, 21 Feb 2020 13:03:57 +0000 (UTC)
From: "'Candy
  Villegas' via Feedback" <[email protected]>
To: [email protected]
Message-ID: <[email protected]>
Subject: [feedback] February Overdue Invoice, from Amazon Enterprises
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_Part_4526782_1221472274.1582290237759"
References: <[email protected]>
X-Mailer: WebService/1.1.15199 aolwebmail Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Length: 251525
X-Original-Sender: [email protected]
X-Original-Authentication-Results: mx.google.com;
       dkim=pass [email protected] header.s=a2048 header.b=emKsZo83;
       spf=pass (google.com: domain of [email protected] designates 74.6.135.41 as permitted sender) [email protected];
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=aol.com
X-Original-From: Candy
  Villegas
  <[email protected]>
Reply-To: Candy
  Villegas <[email protected]>
Precedence: list
Mailing-list: list [email protected]; contact [email protected]
List-ID: <feedback.orderlyhealth.com>
X-Spam-Checked-In-Group: [email protected]
X-Google-Group-Id: 25325095221
List-Post: <https://groups.google.com/a/orderlyhealth.com/group/feedback/post>, <mailto:[email protected]>
List-Help: <https://support.google.com/a/orderlyhealth.com/bin/topic.py?topic=25838>, <mailto:[email protected]>
List-Archive: <https://groups.google.com/a/orderlyhealth.com/group/feedback/>
List-Subscribe: <https://groups.google.com/a/orderlyhealth.com/group/feedback/subscribe>, <mailto:[email protected]>
List-Unsubscribe: <mailto:[email protected]>, <https://groups.google.com/a/orderlyhealth.com/group/feedback/subscribe>

答案1

只是为了添加更多有关 @Dean 和 @Reinto 发现的有关 Google 为什么在发件人姓名上实现“via”信息的详细信息:

按照 DMARC rfc7489,低于 10.5。 互操作性问题

“由于 DMARC 依赖 [SPF] 和/或 [DKIM] 来实现“通过”,因此它们的限制也适用。

当消息由某些中介器(例如邮件列表)处理时,会出现额外的 DMARC 约束。通过中介器通常会导致身份验证失败或标识符对齐丢失。这些转换可能符合标准,但仍会阻止 DMARC“通过”。

话虽如此,让我们回顾一下整个场景:

邮件从具有 DMARC 策略以拒绝或隔离的域发送到公开 Google 群组。Google 群组将收到来自原始发件人的邮件,且已实施 DMARC 策略(拒绝或隔离)。现在,群组需要将邮件发送给其成员(在收到邮件并检查哪些成员应该收到邮件之后)。

该消息将从群组地址扩展到成员,但“发件人”将保留为原始发件人,但“SMTP FROM”(在 Google 方面称为“返回路径”地址)将更改为群组地址。

这在什么时候会成为一个问题?

再次,如果原始发件人有 DMARC,则可以防止垃圾邮件发送者伪造其域名。因为当群组收到消息时,它会将发件人字段中的地址从真实发件人更改为群组地址,过去这会导致大量 DMARC 拒绝。

谷歌采取了什么措施来解决这个问题?

为了缓解这种情况,Google 实施了一种解决方法,重写“发件人”地址以使用本地域,因此 DKIM 现在可以传递 DMARC。

对于小组成员来说,这是什么样的?

“群组成员通过以下方式以‘发件人姓名’接收来自外部发件人的消息:”

尽管这可能会让最终收件人感到困惑。但这是必需的功能,可以保证发件人在其域中具有 DMARC 保护的邮件能够送达群组。

最后,正如你所注意到的,这是有记录的这里

答案2

好吧,对于所有黑客来说,他们可以揭露这一点,因为这听起来像是现在 gmail 中与 google 群组的一个大漏洞。我希望他们可以关闭这个安全漏洞,但这是来自 google 支持的信息......

  • Google 服务器使用其域密钥验证发件人域创建的 DKIM 签名。(dkim=pass[电子邮件保护]
  • Google 服务器会创建该消息的副本并将其发送给群组中的每个成员。此副本使用 Google 的域密钥进行签名。
  • 该消息已传递给群组成员,并且 DKIM 再次经过验证。
  • 一些流行的电子邮件提供商更改了其系统规则,使得群组电子邮件因 DMARC 失败而被标记为垃圾邮件的可能性更高。为了解决这个问题,我们更改了发件人联系信息的显示方式。以前,电子邮件的“发件人”字段包含向您的群组发送电子邮件的人员的姓名和电子邮件地址。现在,“发件人”字段将显示人员的姓名和他们发送电子邮件的群组的名称。当我们遇到“p=reject 或 p=quarentine”DMARC 策略时,就会发生此更改。

基本上,该电子邮件是由 aol.com 签名的,但他们让它在我们公司显示为由美国签名,因此员工认为它来自内部用户。这太糟糕了。我希望 gmail 可以修复它。

相关内容