Domain-Name-System

如何通過 SPF 記錄阻止/黑名單垃圾郵件伺服器

  • November 11, 2016

我有 SPF 記錄:

v=spf1 include:_spf.google.com ip4:70.xx.xx.xx -all

我有Google的預設值

v=spf1 include:_spf.google.com ~all

我一直在遠離這個預設設置,以努力使用 SPF 來防止伊朗的一些垃圾郵件發送者繼續發送郵件,當他們遇到虛假地址時,會向我發送類似以下的郵件:

收到的 SPF:中性(google.com:2.191.xx.xx不被允許也不被拒絕的域的最佳猜測記錄*$$ jimmy@somedomain.ca $$*) 客戶端 IP= 2.191.xx.xx

該消息暗示有一種方法可以拒絕垃圾郵件發送者的 IP,但我沒有找到它,所以我最終不確定。

有小費嗎?我希望我的 SPF 直接或間接拒絕這個垃圾郵件發送者。

更新:添加了我試圖回應的完整、未更改的消息(下)

Delivered-To: jimmy@somedomain.ca
Received: by 10.28.62.13 with SMTP id l13csp432424wma;
       Sat, 22 Oct 2016 05:10:20 -0700 (PDT)
X-Received: by 10.99.104.196 with SMTP id d187mr9004304pgc.26.1477158220522;
       Sat, 22 Oct 2016 05:10:20 -0700 (PDT)
Return-Path: <>
Received: from mail-pf0-x241.google.com (mail-pf0-x241.google.com. [2607:f8b0:400e:c00::241])
       by mx.google.com with ESMTPS id hf1si1759156pac.263.2016.10.22.05.10.20
       for <jimmy@somedomain.ca>
       (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
       Sat, 22 Oct 2016 05:10:20 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of postmaster@mail-pf0-x241.google.com designates 2607:f8b0:400e:c00::241 as permitted sender) client-ip=2607:f8b0:400e:c00::241;
Authentication-Results: mx.google.com;
      dkim=pass header.i=@googlemail.com;
      spf=pass (google.com: best guess record for domain of postmaster@mail-pf0-x241.google.com designates 2607:f8b0:400e:c00::241 as permitted sender) smtp.helo=mail-pf0-x241.google.com;
      dmarc=pass (p=QUARANTINE dis=NONE) header.from=googlemail.com
Received: by mail-pf0-x241.google.com with SMTP id r16so11229439pfg.3
       for <jimmy@somedomain.ca>; Sat, 22 Oct 2016 05:10:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
       d=googlemail.com; s=20120113;
       h=mime-version:from:to:subject:message-id:date;
       bh=hC195D3nA0Uzbsy/ut7vMIZ53a6ExjkByblQBH/81WQ=;
       b=AJOIjSrQPo4+I5fbjmy+4QU7BBVFtRorLh4NYVEZv0zMY5dYn9OMh4pVRRiQoSN4JE
        k0JZJbBzkvPNGXD0ImqQ+cRPD6/Q9yN+QjbRJksR91dJvO2ZeM36OLsY7erIbOYgq1rz
        H80waLIVDDJSRZv2r4zvFnX9K6hE6fZDbDG7x3jKRkGnIzQk2Z1aQ/TGPTz8parrQJrT
        hryzTMSw7T5DKioVYElBpH/wlS8HMaoL2g023KzBtpwLrfkbFE3zeTv0GTryhEeunONH
        +UPEvLr+th5IKpG4VZlrGu17Vz4MKgJgB30g+KGu/Ljbzi/ffLSpSFkN7hZvs2mmBpY+
        PoRA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
       d=1e100.net; s=20130820;
       h=x-gm-message-state:mime-version:from:to:subject:message-id:date;
       bh=hC195C3nA0Uzbsy/ut7vMKZ43a6ExjjByblQBH/81WQ=;
       b=HTTQdb/I0eBlF6Q3o0z/wf24aSyu2lvlvIkpoC4Ov+l7c+ruXRnzT5mkUMWiDFCr/w
        LuDQcy7SluQrrnWsCm1k87F4gsUz320Zvb9lCEBqB4FnN37e521tP/C++4tzv6tA09Sd
        W5Wpsk38bHYj5jesKABb0k0Nj4tmS39j7h18BqTY0fnCHjb03pLJNGA1hmACX84Clf27
        bhsCyMhb5z6L7t5UOYTwQ95e2Vlx6jQH2P/h9iKyI+UnpoMOCe9grbvblSkdDiWTTMXR
        5G9KhdrTUmIBfrj+VlhZQoPRXjEjENeD4XEAZ1E4e3lBJfgGbg9Jg6N6PwpxFbnlGReW
        gwHA==
X-Gm-Message-State: ABUngvdfy0M/HHPXzmBpM3vEavjKEG5m35WPLvqH5SEh5U6PEOqEaJ7yK/eqjzO7jzkY1v9GbShSkKocgRqx1k3N1bmPLGh0
X-Received: by 10.99.110.142 with SMTP id j136mr8866332pgc.132.1477138220162;
       Sat, 22 Oct 2016 05:10:20 -0700 (PDT)
MIME-Version: 1.0
Return-Path: <>
Received: by 10.99.110.142 with SMTP id j136mr8914431pgc.132; Sat, 22 Oct 2016 05:10:20 -0700 (PDT)
From: Mail Delivery Subsystem <mailer-daemon@googlemail.com>
To: jimmy@somedomain.ca
Subject: Delivery Status Notification (Delay)
Message-ID: <001a11482caae59c5e053f730a8e@google.com>
Date: Sat, 22 Oct 2016 12:10:20 +0000
Content-Type: text/plain; charset=UTF-8

This is an automatically generated Delivery Status Notification

THIS IS A WARNING MESSAGE ONLY.

YOU DO NOT NEED TO RESEND YOUR MESSAGE.

Delivery to the following recipient has been delayed:

    samantha.bowmer@kojo.com.au

Message will be retried for 4 more day(s)

Technical details of temporary failure: 
The recipient server did not accept our requests to connect. Learn more at https://support.google.com/mail/answer/7720 
[210.5.32.9 210.5.32.9: generic::failed_precondition: connect error (0): error]

----- Original message -----

X-Gm-Message-State: ABUngvdKe24Xp8DT1rP2gApcFad5/HjrNajRrB9UWHnLxPY9Cmcnd7WyG1oLjYpJrvk4WmDa+0noZVd+uXaMy0PzgG1WVtzkSWXlgEFBYAOKWZTeGeIEOnQJPFBFZJuzwxnkd+KVKcW5
X-Received: by 10.99.110.142 with SMTP id j136mr16455830pgc.132.1476957867242;
       Thu, 20 Oct 2016 03:04:27 -0700 (PDT)
X-Received: by 10.99.110.142 with SMTP id j136mr16455815pgc.132.1476957867120;
       Thu, 20 Oct 2016 03:04:27 -0700 (PDT)
Return-Path: <jimmy@somedomain.ca>
Received: from [2.191.29.134] ([2.191.29.134])
       by mx.google.com with ESMTP id z80si44284204pfj.251.2016.10.20.03.04.25
       for <samantha.bowmer@kojo.com.au>;
       Thu, 20 Oct 2016 03:04:26 -0700 (PDT)
Received-SPF: neutral (google.com: 2.191.29.134 is neither permitted nor denied by best guess record for domain of james.snell@dawning.ca) client-ip=2.191.29.134;
Authentication-Results: mx.google.com;
      spf=neutral (google.com: 2.191.29.134 is neither permitted nor denied by best guess record for domain of james.snell@dawning.ca) smtp.mailfrom=jimmy@somedomain.ca
Message-ID: <233E36AEEE2BA6766B63FBEB0EF3233E@6C2L74D>
From: <jimmy@somedomain.ca>
To: <samantha.bowmer@kojo.com.au>
Subject: Re: Salary [$1500 /week]
Date: 20 Oct 2016 15:04:13 +0200
MIME-Version: 1.0
Content-Type: multipart/alternative;
   boundary="----=_NextPart_000_0027_01D22AD6.01109020"
X-Priority: 3
X-MSMail-Priority: Normal
Importance: Normal
X-Mailer: Microsoft Windows Live Mail 16.4.3505.912
X-MimeOLE: Produced By Microsoft MimeOLE V16.4.3505.912

Dear samantha.bowmer,

We are looking for employees working remotely.

My name is Thanh, I am the personnel manager of a large International company.
Most of the work you can do from home, that is, at a distance.

Salary is $2900-$5100.

If you are interested in this offer, please visit 
Our Site

Have a nice day!

SPF 並不意味著不發送電子郵件,它只是一個標誌,表示“硬失敗”(-all)消息,這可以使其落在基於 ESP 的垃圾郵件文件夾中。

如果您使用拒絕策略啟用DMARC,那麼您將 100% 導致消息被拒絕並且不會傳遞給那些遵守 DMARC 策略的 ESP。GMAIL 就是其中之一。

啟用 DMARC 記錄就像添加 SPF 記錄一樣簡單,它完全基於 DNS 條目,就像 SPF 一樣。

在您的情況下,您的 DMARC 記錄將相當簡單。

_dmarc.somedomain.ca. IN TXT "v=DMARC1; p=reject; sp=none; rf=afrf; pct=100; ri=86400"

如果您想要報告,只需將 RUA 和 RUF 資訊添加到上面的記錄中。您可以使用DMARC 生成器為您生成記錄。

引用自:https://serverfault.com/questions/812065