Domain-Name-System

Amazon SES emails ending up in Yahoo and Hotmail spam folders, even though SPF, SenderID and DKIM are set up correctly

  • September 3, 2012

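This is incredibly frustrating. Even though my SPF, SenderID and DKIM are set up correctly, my Amazon SES emails still end up in the Yahoo & Hotmail Spam folders. Because this particular site requires users to confirm their email address, I have lost more than 50% of new signups since I started using Amazon SES, and I need to resolve this urgently.

Here are my SPF and SenderID records (they include the email services from Google, Rackspace and Amazon):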

v=spf1 include:_spf.google.com include:emailsrvr.com include:amazonses.com ~all

spf2.0/pra include:_spf.google.com include:emailsrvr.com include:amazonses.com ~all

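I use GoDaddy to host this particular domain, and it seems you don't need to surround the SPF and SenderID records with quotes ("). (In fact, when I tried using quotes, neither the Kitterman tool nor the MXtoolbox tool could find the SPF record; when I removed the quotes, both services found it.)

However, even though I am using the SPF and SenderID records that Amazon itself recommends, I sent a test email to Port25's authentication verifier service, and while DKIM passed, it appears that both the SPF and SenderID records have permerrors, and it seems these errors are on Amazon's end because there are "multiple records" (the Kitterman tool fails for the same reason: "Results - PermError SPF Permanent Error: Two or more type TXT spf records found."). Here are the results from the Port25 service: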

This message is an automatic response from Port25's authentication verifier
service at verifier.port25.com.  The service allows email senders to perform
a simple check of various sender authentication mechanisms.  It is provided
free of charge, in the hope that it is useful to the email community.  While
it is not officially supported, we welcome any feedback you may have at
<verifier-feedback@port25.com>.

Thank you for using the verifier,

The Port25 Solutions, Inc. team

==========================================================
Summary of Results
==========================================================
SPF check:          permerror
DomainKeys check:   neutral
DKIM check:         pass
Sender-ID check:    permerror
SpamAssassin check: ham

==========================================================
Details:
==========================================================

HELO hostname:  a192-142.smtp-out.amazonses.com
Source IP:      199.255.192.142
mail-from:      000000@amazonses.com

----------------------------------------------------------
SPF check details:
----------------------------------------------------------
Result:         permerror (multiple SPF records)
ID(s) verified: smtp.mailfrom=000000@amazonses.com
DNS record(s):
  amazonses.com. SPF (no records)
  amazonses.com. 900 IN TXT "v=spf1 ip4:199.255.192.0/22 ip4:199.127.232.0/22 ~all"
  amazonses.com. 900 IN TXT "spf2.0/pra ip4:199.255.192.0/22 ip4:199.127.232.0/22 ~all"
  amazonses.com. 900 IN TXT "v=spf1 ip4:199.255.192.0/22 ip4:199.127.232.0/22 54.240.0.0/18 ~all"
  amazonses.com. 900 IN TXT "spf2.0/pra ip4:199.255.192.0/22 ip4:199.127.232.0/22 54.240.0.0/18 ~all"
  amazonses.com. 900 IN TXT "mailru-verification: 71asdf5de908d6ed"

----------------------------------------------------------
DomainKeys check details:
----------------------------------------------------------
Result:         neutral (message not signed)
ID(s) verified: header.From=no-reply@mysite.com
DNS record(s):

----------------------------------------------------------
DKIM check details:
----------------------------------------------------------
Result:         pass (matches From: no-reply@mysite.com)    

NOTE: DKIM checking has been performed based on the latest DKIM specs
(RFC 4871 or draft-ietf-dkim-base-10) and verification may fail for
older versions.  If you are using Port25's PowerMTA, you need to use
version 3.2r11 or later to get a compatible version of DKIM.

----------------------------------------------------------
Sender-ID check details:
----------------------------------------------------------
Result:         permerror (multiple SPF records with 'pra' scope)
ID(s) verified: header.From=no-reply@mysite.com
DNS record(s):      
  _spf.google.com. SPF (no records)
  _spf.google.com. 300 IN TXT "v=spf1 ip4:216.239.32.0/19 ip4:64.233.160.0/19 ip4:66.249.80.0/20 ip4:72.14.192.0/18 ip4:209.85.128.0/17 ip4:66.102.0.0/20 ip4:74.125.0.0/16 ip4:64.18.0.0/20 ip4:207.126.144.0/20 ip4:173.194.0.0/16 ?all"
  emailsrvr.com. SPF (no records)
  emailsrvr.com. 28800 IN TXT "v=spf1 ip4:207.97.245.0/24 ip4:207.97.227.208/28 ip4:67.192.241.0/24 ip4:98.129.184.0/23 ip4:72.4.117.0/27 ip4:72.32.49.0/24 ip4:72.32.252.0/24 ip4:72.32.253.0/24 ip4:207.97.200.40 ip4:173.203.2.0/25 ip4:173.203.6.0/23 ip4:50.57.0.0/27 ~all"
  amazonses.com. SPF (no records)
  amazonses.com. 900 IN TXT "v=spf1 ip4:199.255.192.0/22 ip4:199.127.232.0/22 ~all"
  amazonses.com. 900 IN TXT "spf2.0/pra ip4:199.255.192.0/22 ip4:199.127.232.0/22 ~all"
  amazonses.com. 900 IN TXT "v=spf1 ip4:199.255.192.0/22 ip4:199.127.232.0/22 54.240.0.0/18 ~all"
  amazonses.com. 900 IN TXT "spf2.0/pra ip4:199.255.192.0/22 ip4:199.127.232.0/22 54.240.0.0/18 ~all"
  amazonses.com. 900 IN TXT "mailru-verification: 71asdf5de908d6ed"

----------------------------------------------------------
SpamAssassin check details:
----------------------------------------------------------
SpamAssassin v3.3.1 (2010-03-16)

Result:         ham  (-2.7 points, 5.0 required)

pts rule name              description
---- ---------------------- --------------------------------------------------
0.0 SINGLE_HEADER_2K       A single header contains 2K-3K characters
-0.7 RCVD_IN_DNSWL_LOW      RBL: Sender listed at http://www.dnswl.org/, low
                          trust
                          [199.255.192.142 listed in list.dnswl.org]
-0.0 T_RP_MATCHES_RCVD      Envelope sender domain matches handover relay
                          domain
-1.9 BAYES_00               BODY: Bayes spam probability is 0 to 1%
                          [score: 0.0000]
-0.1 DKIM_VALID_AU          Message has a valid DKIM or DK signature from author's
                          domain
0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID             Message has at least one valid DKIM or DK signature

==========================================================
Explanation of the possible results (from RFC 5451)
==========================================================

SPF and Sender-ID Results
=========================

"none"
    No policy records were published at the sender's DNS domain.

"neutral"
    The sender's ADMD has asserted that it cannot or does not
    want to assert whether or not the sending IP address is authorized
    to send mail using the sender's DNS domain.

"pass"
    The client is authorized by the sender's ADMD to inject or
    relay mail on behalf of the sender's DNS domain.

"policy"
   The client is authorized to inject or relay mail on behalf
    of the sender's DNS domain according to the authentication
    method's algorithm, but local policy dictates that the result is
    unacceptable.

"fail"
    This client is explicitly not authorized to inject or
    relay mail using the sender's DNS domain.

"softfail"
    The sender's ADMD believes the client was not authorized
    to inject or relay mail using the sender's DNS domain, but is
    unwilling to make a strong assertion to that effect.

"temperror"
    The message could not be verified due to some error that
    is likely transient in nature, such as a temporary inability to
    retrieve a policy record from DNS.  A later attempt may produce a
    final result.

"permerror"
    The message could not be verified due to some error that
    is unrecoverable, such as a required header field being absent or
    a syntax error in a retrieved DNS TXT record.  A later attempt is
    unlikely to produce a final result.


DKIM and DomainKeys Results
===========================

"none"
    The message was not signed.

"pass"
    The message was signed, the signature or signatures were
    acceptable to the verifier, and the signature(s) passed
    verification tests.

"fail"
    The message was signed and the signature or signatures were
    acceptable to the verifier, but they failed the verification
    test(s).

"policy"
    The message was signed but the signature or signatures were
    not acceptable to the verifier.

"neutral"
    The message was signed but the signature or signatures
    contained syntax errors or were not otherwise able to be
    processed.  This result SHOULD also be used for other
    failures not covered elsewhere in this list.

"temperror"
    The message could not be verified due to some error that
    is likely transient in nature, such as a temporary inability
    to retrieve a public key.  A later attempt may produce a
    final result.

"permerror"
    The message could not be verified due to some error that
    is unrecoverable, such as a required header field being
    absent. A later attempt is unlikely to produce a final result.


==========================================================
Original Email
==========================================================

Return-Path: <000000@amazonses.com>
Received: from a192-142.smtp-out.amazonses.com (199.255.192.142) by verifier.port25.com id asdf for <check-auth2@verifier.port25.com>; Sat, 1 Sep 2012 09:24:25 -0400 (envelope-from <000000@amazonses.com>)
Authentication-Results: verifier.port25.com; spf=permerror (multiple SPF records) smtp.mailfrom=000000@amazonses.com
Authentication-Results: verifier.port25.com; domainkeys=neutral (message not signed) header.From=no-reply@mysite.com
Authentication-Results: verifier.port25.com; dkim=pass (matches From: no-reply@mysite.com) header.d=mysite.com
Authentication-Results: verifier.port25.com; sender-id=permerror (multiple SPF records with 'pra' scope) header.From=no-reply@mysite.com    
Return-Path: 000000@amazonses.com
Message-ID: <000000@email.amazonses.com>
Date: Sat, 1 Sep 2012 13:24:08 +0000
Subject: Confirm your E-mail
From: "Register@mysite.com" <no-reply@mysite.com>
To: check-auth2@verifier.port25.com
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-SES-Outgoing: 199.255.192.142

Hello testuser,

Confirm your e-mail by clicking this li=
nk:

http://mysite.com/confirmemail/aaasdf7798e

If you ar=
e having problems confirming, enter the code below.

Code: aaasdf7798e

Thanks!
The mysite.com Team

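What can I do to fix this urgent problem so that the emails I send through Amazon SES pass both SPF and SenderID and end up in the inboxes of my Yahoo and Hotmail users? I have tried everything, but nothing seems to work. Thanks.

The tool is right: a domain is only allowed to have one TXT/SPF record.

There is no way for you to fix this properly yourself; you need to contact Amazon to get their records fixed.

These need to be merged (and similarly for v=spf2):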

  amazonses.com. 900 IN TXT "v=spf1 ip4:199.255.192.0/22 ip4:199.127.232.0/22 ~all"  
  amazonses.com. 900 IN TXT "v=spf1 ip4:199.255.192.0/22 ip4:199.127.232.0/22 54.240.0.0/18 ~all"  

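Note that the 54.240.0.0/18 part is also wrong; it should be ip4:54.240.0.0/18.

You could of course remove include:amazonses.com and add the IP ranges manually.

But if those ranges change, it will fail again.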
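The two defects named in the answer (more than one record of the same version at one name, and a bare `54.240.0.0/18` without its `ip4:` prefix) can be checked mechanically before a record set is published. The following is an added example, not part of the original question or answer; the function names are made up for illustration, and the input is the amazonses.com TXT set copied from the Port25 report above.

```python
import ipaddress
import re

# Sample input: the amazonses.com TXT set as listed in the Port25 report on this page.
TXT_RECORDS = [
    "v=spf1 ip4:199.255.192.0/22 ip4:199.127.232.0/22 ~all",
    "spf2.0/pra ip4:199.255.192.0/22 ip4:199.127.232.0/22 ~all",
    "v=spf1 ip4:199.255.192.0/22 ip4:199.127.232.0/22 54.240.0.0/18 ~all",
    "spf2.0/pra ip4:199.255.192.0/22 ip4:199.127.232.0/22 54.240.0.0/18 ~all",
    "mailru-verification: 71asdf5de908d6ed",
]
MECHANISMS = {"all", "include", "a", "mx", "ptr", "ip4", "ip6", "exists"}

def select(txt_records, version="v=spf1"):
    """TXT strings whose first token is the version tag (other TXT data is ignored)."""
    return [r for r in txt_records if r.split(" ", 1)[0].lower() == version]

def valid_term(term):
    """True for a known mechanism (optional qualifier) or a name=value modifier."""
    m = re.match(r"[+\-~?]?([A-Za-z][A-Za-z0-9._-]*)(=?)", term)
    return bool(m) and (m.group(2) == "=" or m.group(1).lower() in MECHANISMS)

def check(txt_records, version="v=spf1"):
    """Return (result, detail) the way a receiving verifier would judge the record set."""
    found = select(txt_records, version)
    if not found:
        return ("none", "no record")
    if len(found) > 1:
        return ("permerror", f"multiple {version} records")
    bad = [t for t in found[0].split()[1:] if not valid_term(t)]
    if bad:
        return ("permerror", "unknown term(s): " + " ".join(bad))
    return ("ok", found[0])

def merge(txt_records, version="v=spf1"):
    """Union all same-version records into one; bare IPv4 CIDRs get the ip4: prefix."""
    terms, final = [], []
    for rec in select(txt_records, version):
        for term in rec.split()[1:]:
            if term.lstrip("+-~?").lower() == "all":
                final = [term]          # simplification: the last 'all' seen wins
                continue
            if not valid_term(term):
                ipaddress.IPv4Network(term)  # ValueError if it is not a CIDR either
                term = "ip4:" + term
            if term not in terms:
                terms.append(term)
    return " ".join([version, *terms, *final])
```

Running `check` on the published set reproduces the verifier's "multiple SPF records" verdict for both `v=spf1` and `spf2.0/pra`, while the output of `merge` passes `check` as a single record.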

Source: https://serverfault.com/questions/423868