垃圾邮件发送者如何使用我的 Google 应用域名伪造电子邮件(它甚至有 DKIM!)

垃圾邮件发送者如何使用我的 Google 应用域名伪造电子邮件(它甚至有 DKIM!)

最近我收到了很多反弹。

我以为我的 Google 应用帐户已被入侵,但我的应用帐户上没有任何活动,而且我肯定看不到任何恶意用户。

由于电子邮件总是通过某个随机用户名发送(例如[电子邮件保护]),我尝试找到一种禁止未注册用户发送电子邮件的方法。但我什么也没找到。

让我担心的是,邮件中有 X-Google-DKIM-Signature,并且显示“Google 尝试发送您的邮件”。这是否意味着这些电子邮件来自我信任的客户?(我只使用 Gmail)

据我所知,垃圾邮件发送者可以自由地欺骗电子邮件的每个字段,但 DKIM 应该让(现代)服务器丢弃这些无法验证的电子邮件。

知道泄漏在哪里吗?

以下是反弹的示例:

Delivery to the following recipient failed permanently:

     [email protected]

Technical details of permanent failure: Google tried to deliver your
message, but it was rejected by the server for the recipient domain
174.133.125.2 [174.133.125.2].

The error that the other server returned was: 553 sorry, that domain
isn't in my list of allowed rcpthosts; no valid cert for gatewaying
(#5.7.1)

----- Original message -----

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20120113;
        h=x-received:x-received:received-spf:mime-version:date:message-id
         :from:to:subject:content-type:content-transfer-encoding
         :list-unsubscribe:x-gm-message-state;
        bh=l2RiLiEDvrHgBMSAjtLmNgIpmW4D1EFAIr3O42oBysM=;
        b=UBSW90YcP4Fu1vDLnvGCp06XEE5+FOAUR62qSnQrnaPcsKWJSdFT7x7XSU2+vHrpTI
         RaN4pHJWlaMHqtAUoMFE0T9hgBj0blZnNMDtMRFkcU4QD0E/QNw6VIQlAjWGOWvXghMc
         G+SX+YLugnQEWS6tG6guf1hF31XoB4a2HxvxQO4J+lWNLg60LaS7K4DiUr4yG25mvXBU
         uy+tXqjLKyZgA9jmvyVvBKeRYVwMIWvscJ26yw17K7LRfGZkAXzuvTVyGMuLUzthj5c5
         MSNZOG6u5faxtzdBkGRiNQVarq3IsXBuXcxk1vRiUktbM8OIhm2D4IrvhmTPrDF4yyTz
         EHhw==
X-Received: by 10.50.37.239 with SMTP id b15mr4892361igk.69.1360854627245; Thu, 14 Feb 2013 07:10:27 -0800 (PST)
X-Received: by 10.50.37.239 with SMTP id b15mr4892357igk.69.1360854627177; Thu, 14 Feb 2013 07:10:27 -0800 (PST)
Return-Path: <[email protected]>
Received: from [117.201.44.87] ([117.201.34.157]) by mx.google.com with ESMTP id vx6si33676538igb.26.2013.02.14.07.10.25; Thu, 14 Feb 2013 07:10:26 -0800 (PST)
Received-SPF: neutral (google.com: 117.201.34.157 is neither permitted nor denied by best guess record for domain of [email protected]) client-ip=117.201.34.157;
Authentication-Results: mx.google.com; spf=neutral (google.com: 117.201.34.157 is neither permitted nor denied by best guess record for domain of [email protected]) [email protected]
MIME-Version: 1.0
Date: Thu, 14 Feb 2013 20:40:29 +0530
Message-ID: <B23FC935D84FBB6D39DD9BDCC44CD2.176.3699432888759@D>
From: "Valetine's Day" <[email protected]>
To: [email protected]
Subject: I will be excited if you are my Valetine
Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: 8bit
List-Unsubscribe: <mailto:[email protected]>
X-Gm-Message-State: ALoCoQkVcAw4pG/8g2x1C02KHf4lLkBdJ4iLe9r1ZeGlGE1AwtZEQm5VsHh9tNmG04yH2ahWqXnIiKu7DrTf7j6bLHEaF0l0AMhrC6ZvnyJTUr4n+9TKMieQPycP0Pw8sCJ8DELiMNlLI/CGbgQ1ObMLghXauZTeqg==

----- End of message -----

答案1

确保您的应用程序帐户没有启用捕获所有地址,否则您将收到大量随机内容。 http://support.google.com/a/bin/answer.py?hl=en&answer=33962

不用担心 X-Google-DKIM-Signature(或任何其他以 X- 开头的标头),这是 Gmail 特有的,它不是真实的您的域的 DKIM 签名。如果您想要设置一个,请查看以下文章:http://support.google.com/a/bin/answer.py?hl=en&answer=174124

答案2

拒绝与 DKIM 无关,而是与收件人有关。但是,Google 邮件服务器为什么要尝试投递到错误的 MX?对我来说毫无意义。当然,收件人系统可能配置不正确。失败的收件人地址是否具有相同的 MX?

其他:您是否已验证 DKIM 签名?也许它只是一些看起来很技术性的文字...

相关内容