我在 mail-tester.com 上获得了 6.1/10 的分数,其中 DMARC 验证是唯一相关的惩罚(-3)。
* Your DKIM signature is valid
* Your message failed the DMARC verification
A DMARC policy allows a sender to indicate that their emails are protected by SPF and/or DKIM, and give instruction if neither of those authentication methods passes. Please be sure you have a DKIM and SPF set before using DMARC.
You are not allowed to send a message with this address
DMARC DNS entry found for the domain _dmarc.mail.example.com:
"v=DMARC1;p=reject;rua=mailto:[email protected]"
Verification details:
mail-tester.com; dmarc=fail header.from=mail.example.com
mail-tester.com; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=mail.example.com [email protected] header.b=MVNy47/y; dkim-atps=neutral
From Domain: mail.example.com
DKIM Domain: mail.example.com
该电子邮件通过 SMTP 中继通过付费的 mailjet 帐户发送。
这是我的 DNS 配置,mailjet 将 DKIM 和 SPF 报告为“ok”:
@ IN TXT "v=spf1 include:_spf.google.com ~all"
_dmarc.example.com. IN TXT "v=DMARC1;p=none;sp=none;pct=50;adkim=r;aspf=r;"
_dmarc.mail IN TXT "v=DMARC1;p=reject;rua=mailto:[email protected]"
default2103._domainkey IN TXT "v=DKIM1; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwBTlvBdpQXS3+g6rPM4fd" "O5EFHrt6EDRS6HMAzf4yYVsp9JwC145ftSzmw/qwdeW3c+JlwvqAipM2qf//A4HG/tpxV9ASX7Qa" "Yew6QlngiXB+T/ih37NrgUE0B2sUpijQ0n5mVd3sAstOQNPhyg5JeWOiJLLJS7xWbu/zwJ+WMB8h" "Phl5ZLrtfscsB56EawBJS/spGTKdOcq6aNm1yPUYvnWQsbWziuV9Y7NLb1yapauks1Yxug75HA12" "Zf7YTuaHPXuK+BSOSEzSUd5R/Fk7UZ1Ba1uX/OdcNKxZtaI0oYePHp9xzSMlWrj2RGbQP9WCKA0R" "HPHEKIwchsqXbIW6QIDAQAB"
mail IN TXT "v=spf1 include:spf.mailjet.com -all"
mailjet._bf00f643.mail IN TXT bf00f643e7c8377f55faab9307581acd
mailjet._domainkey.mail IN TXT "k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCs9LUxwgF8P0uV+ulltAAyITc3aRqgsAVlr2ZygTnuYJQ10gSPU2M7NAKJTck3P10F8F49t2BnBYsKzUo4AHlZ7V5kafYu3c9Gd50TfcMyqbGB1CL+ITfRxxh3opTTMZAvcCv/EpH9+dG1iw1a1ahZHTC2TvfF6k0thbIWjWIgQwIDAQAB"
@ 3600 IN MX 10 ALT4.ASPMX.L.GOOGLE.COM.
@ 3600 IN MX 5 ALT2.ASPMX.L.GOOGLE.COM.
@ 3600 IN MX 1 ASPMX.L.GOOGLE.COM.
@ 3600 IN MX 10 ALT3.ASPMX.L.GOOGLE.COM.
@ 3600 IN MX 5 ALT1.ASPMX.L.GOOGLE.COM.
我用 替换了实际域名example.com。主域名由 google 工作区使用,但 mail.exmaple.com 用于交易电子邮件。我正尝试通过 mail.example.com 发送。
这是电子邮件:
Received: by mail-tester.com (Postfix, from userid 500)
id 4C207A988D; Tue, 27 Jul 2021 16:51:48 +0200 (CEST)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on mail-tester.com
X-Spam-Level:
X-Spam-Status: No/0.9/5.0
X-Spam-Test-Scores: DKIM_SIGNED=0.1,DKIM_VALID=-0.1,DKIM_VALID_AU=-0.1,
HEADER_FROM_DIFFERENT_DOMAINS=0.249,HTML_MESSAGE=0.001,
HTML_MIME_NO_HTML_TAG=0.635,MIME_HTML_ONLY=0.1,SPF_HELO_PASS=-0.001,
SPF_PASS=-0.001,URIBL_BLOCKED=0.001
X-Spam-Last-External-IP: xx.xxx.xxx.xxx
X-Spam-Last-External-HELO: o123.p8.mailjet.com
X-Spam-Last-External-rDNS: o123.p8.mailjet.com
X-Spam-Date-of-Scan: Tue, 27 Jul 2021 16:51:48 +0200
X-Spam-Report:
* 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was
* blocked. See
* http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
* for more information.
* [URIs: mjt.lu]
* -0.0 SPF_PASS SPF: sender matches SPF record
* -0.0 SPF_HELO_PASS SPF: HELO matches SPF record
* 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level
* mail domains are different
* 0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
* 0.0 HTML_MESSAGE BODY: HTML included in message
* 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
* valid
* -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
* -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
* author's domain
* 0.6 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML
* tag
Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=xx.xxx.xxx.xxx; helo=o123.p8.mailjet.com; [email protected]; [email protected]
DMARC-Filter: OpenDMARC Filter v1.3.1 mail-tester.com 9F060A988C
Authentication-Results: mail-tester.com; dmarc=fail header.from=mail.example.com
Authentication-Results: mail-tester.com;
dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=mail.example.com [email protected] header.b=MVNy47/y;
dkim-atps=neutral
Received: from o123.p8.mailjet.com (o123.p8.mailjet.com [xx.xxx.xxx.xxx])
(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
(No client certificate requested)
by mail-tester.com (Postfix) with ESMTPS id 9F060A988C
for <[email protected]>; Tue, 27 Jul 2021 16:51:39 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; q=dns/txt;
d=mail.example.com; [email protected]; s=mailjet;
h=message-id:mime-version:from:reply-to:to:subject:date:list-unsubscribe-post:
list-unsubscribe:feedback-id:x-csa-complaints:x-mj-mid:x-mj-smtpguid:
x-report-abuse-to:content-type:content-transfer-encoding;
bh=TIkRui7Va59h4geTtPXAKHua6pDPeJyum82T2lGo2Ww=;
b=MVNy47/y6hs1gHGz8eiJlWuG18UsJ/Fhxa5vf7K5tDJt1jSfpePjd2YCb
N1jbcfPt57l77VjSd8+vcwC2g5+yWyBHfkTuF8F7fGA9Vgn740zOLpMVjxlx
PX71Bkay8jB4kG7Shtpus9XU+/a9WN5E9ygqWReclkE7X3uNqd78pQ=
Message-Id: <[email protected]>
MIME-Version: 1.0
From: Example <[email protected]>
Reply-To: [email protected]
To: [email protected]
Subject: Example Registrierung
Date: Tue, 27 Jul 2021 14:51:38 +0000
List-Unsubscribe-Post: List-Unsubscribe=One-Click
List-Unsubscribe:
<mailto:xxxxx.mailjet.com>,
<https://xxxxxxxxxxxxxxxxx>
Feedback-Id: 42.1636236.1611053:MJ
X-CSA-Complaints: [email protected]
X-MJ-Mid:
xxxxxxx
X-MJ-SMTPGUID: 4c0f08ce-7ed4-457b-9f60-fdf493ab9e3e
X-REPORT-ABUSE-TO: Message sent by Mailjet please report to
[email protected] with a copy of the message
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
我不明白为什么验证失败以及我该怎么办?其他工具dmarcanalzer说配置很好。
编辑
向 Gmail 帐户发送邮件后,邮件会被归类为垃圾邮件。但在 Gmail 中显示“原始邮件”时,SPF、DKIM 和 DMARC 均显示“通过”:
答案1
原因是这样的:(1024-bit key; unprotected)
您只需将您的 DKIM 密钥替换为 2048 位密钥,就可以了。
希望有帮助^_^