验证我们最近对我们的域名DMARC记录:DMARC/SPF/DKIM不会与第三方邮件
“V = DMARC1; P =检疫; PCT = 100;鲁阿=至mailto:我@ MYDOMAIN。 COM”
(检疫未经身份验证的电子邮件的100%和发送汇总报告,以‘我’)
我们使用第三方供应商发出邀请。供应商发送来自[email protected]的电子邮件,然后通过邮件中继“smtp3.mailrelaydomain.it”发送。我也知道邮件中继使用单个IP地址。
这个地址包含在我们的SPF记录:
“V = SPF1 ... [SNIP其他邮件服务器参考SNIP] ... IP4:[IP地址邮件中继] - 所有”
当我使用供应商的服务发送邀请时,邮件被隔离。
当我查看汇总DMARC报告中,我看到邀请:
- 被认为是从SPF-授权服务器
- 是通行证发件人的域名([email protected]原SPF认证.COM“)
- 传递的邮件中继域原始DKIM认证(smtp3.mailrelaydomain.it)
- 失败DMARC认证两者DKIM和SPF为MYDOMAIN
以下是来自邀请的示例标题。
开始:示例电子邮件标题
Delivered-To: [email protected]
Received: by 10.64.252.9 with SMTP id zo9csp100581iec;
Wed, 21 Oct 2015 11:40:13 -0700 (PDT)
X-Received: by 10.55.195.147 with SMTP id r19mr12995508qkl.12.1445452813709;
Wed, 21 Oct 2015 11:40:13 -0700 (PDT)
Return-Path: <[email protected]>
Received: from smtp3.mailrelaydomain.it (smtp3.mailrelaydomain.it. [ip for mail relay])
by mx.google.com with ESMTP id w15si9297939qha.131.2015.10.21.11.40.13
for <[email protected]>;
Wed, 21 Oct 2015 11:40:13 -0700 (PDT)
Received-SPF: pass (google.com: domain of [email protected] designates [mail relay ip] as permitted sender) client-ip=[mail relay ip];
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of [email protected] designates [mail relay ip] as permitted sender) [email protected];
dkim=pass [email protected];
dmarc=fail (p=QUARANTINE dis=QUARANTINE) header.from=mydomain.com
Received: from FS-S05.vendorparentdomain.com (unknown [vendor parent ip])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(No client certificate requested)
by smtp3.mailrelaydomain.it (Postfix) with ESMTPSA id 23387A0CBC
for <[email protected]>; Wed, 21 Oct 2015 15:07:35 -0400 (EDT)
DKIM-Signature: [DKIM Content]
Content-Type: multipart/alternative;
boundary="===============2166944298367943586=="
MIME-Version: 1.0
Subject: Please take our survey
From: Me <[email protected]>
To: Someone Else <[email protected]>
Cc:
Date: Wed, 21 Oct 2015 18:39:48 -0000
Message-ID: <[email protected]>
List-Unsubscribe: [unsubscribe link],
<mailto:[email protected]>
Reply-To: Me <[email protected]>
X-Sender: [email protected]
我相信这个问题是由不匹配的邮件信封中域的邮件域相关;但是,供应商无法更改其设置(即信封始终来自供应商域),因此与DMARC配合使用的任何机会都必须由我来完成。
了解SPF记录可以(且确实)将邀请识别为来自SPF授权服务器,是否还有其他任何可以添加的设置或记录来确保来自供应商的邀请的DMARC身份验证?
阅读了几篇在线文章和"DMARC -spf and DKIM record queries"我怀疑我运气不好,但需要明确地/具体地询问我的情况,以确保。
感谢
我同意,SPF排列不匹配。但是,只要SPF或DKIM队列通过,您应该通过DMARC。你隐藏了DKIM-Signature,所以很难判断你是否在这两方面都不一致。这里有一篇很好的文章解释了[标识符对齐](https://www.unlocktheinbox.com/resources/identifieralignments/) – Henry