Domain-Name-System
為什麼這個 DMARC 驗證失敗?
我在 mail-tester.com 上獲得了 6.1/10 的分數,其中 DMARC 驗證是唯一相關的懲罰 (-3)。
* Your DKIM signature is valid * Your message failed the DMARC verification A DMARC policy allows a sender to indicate that their emails are protected by SPF and/or DKIM, and give instruction if neither of those authentication methods passes. Please be sure you have a DKIM and SPF set before using DMARC. You are not allowed to send a message with this address DMARC DNS entry found for the domain _dmarc.mail.example.com: "v=DMARC1;p=reject;rua=mailto:dmarc-reports@example.com" Verification details: mail-tester.com; dmarc=fail header.from=mail.example.com mail-tester.com; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=mail.example.com header.i=no-reply@mail.example.com header.b=MVNy47/y; dkim-atps=neutral From Domain: mail.example.com DKIM Domain: mail.example.com
電子郵件通過 SMTP 中繼通過付費 mailjet 帳戶發送。
這是我的 DNS 配置,mailjet 將 DKIM 和 SPF 報告為“正常”:
@ IN TXT "v=spf1 include:_spf.google.com ~all" _dmarc.example.com. IN TXT "v=DMARC1;p=none;sp=none;pct=50;adkim=r;aspf=r;" _dmarc.mail IN TXT "v=DMARC1;p=reject;rua=mailto:dmarc-reports@example.com" default2103._domainkey IN TXT "v=DKIM1; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwBTlvBdpQXS3+g6rPM4fd" "O5EFHrt6EDRS6HMAzf4yYVsp9JwC145ftSzmw/qwdeW3c+JlwvqAipM2qf//A4HG/tpxV9ASX7Qa" "Yew6QlngiXB+T/ih37NrgUE0B2sUpijQ0n5mVd3sAstOQNPhyg5JeWOiJLLJS7xWbu/zwJ+WMB8h" "Phl5ZLrtfscsB56EawBJS/spGTKdOcq6aNm1yPUYvnWQsbWziuV9Y7NLb1yapauks1Yxug75HA12" "Zf7YTuaHPXuK+BSOSEzSUd5R/Fk7UZ1Ba1uX/OdcNKxZtaI0oYePHp9xzSMlWrj2RGbQP9WCKA0R" "HPHEKIwchsqXbIW6QIDAQAB" mail IN TXT "v=spf1 include:spf.mailjet.com -all" mailjet._bf00f643.mail IN TXT bf00f643e7c8377f55faab9307581acd mailjet._domainkey.mail IN TXT "k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCs9LUxwgF8P0uV+ulltAAyITc3aRqgsAVlr2ZygTnuYJQ10gSPU2M7NAKJTck3P10F8F49t2BnBYsKzUo4AHlZ7V5kafYu3c9Gd50TfcMyqbGB1CL+ITfRxxh3opTTMZAvcCv/EpH9+dG1iw1a1ahZHTC2TvfF6k0thbIWjWIgQwIDAQAB" @ 3600 IN MX 10 ALT4.ASPMX.L.GOOGLE.COM. @ 3600 IN MX 5 ALT2.ASPMX.L.GOOGLE.COM. @ 3600 IN MX 1 ASPMX.L.GOOGLE.COM. @ 3600 IN MX 10 ALT3.ASPMX.L.GOOGLE.COM. @ 3600 IN MX 5 ALT1.ASPMX.L.GOOGLE.COM.
我用
example.com
. Google工作區使用主域,但 mail.exmaple.com 用於交易電子郵件。我正在嘗試通過 mail.example.com 發送。這是電子郵件:
Received: by mail-tester.com (Postfix, from userid 500) id 4C207A988D; Tue, 27 Jul 2021 16:51:48 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on mail-tester.com X-Spam-Level: X-Spam-Status: No/0.9/5.0 X-Spam-Test-Scores: DKIM_SIGNED=0.1,DKIM_VALID=-0.1,DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.249,HTML_MESSAGE=0.001, HTML_MIME_NO_HTML_TAG=0.635,MIME_HTML_ONLY=0.1,SPF_HELO_PASS=-0.001, SPF_PASS=-0.001,URIBL_BLOCKED=0.001 X-Spam-Last-External-IP: xx.xxx.xxx.xxx X-Spam-Last-External-HELO: o123.p8.mailjet.com X-Spam-Last-External-rDNS: o123.p8.mailjet.com X-Spam-Date-of-Scan: Tue, 27 Jul 2021 16:51:48 +0200 X-Spam-Report: * 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was * blocked. See * http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block * for more information. * [URIs: mjt.lu] * -0.0 SPF_PASS SPF: sender matches SPF record * -0.0 SPF_HELO_PASS SPF: HELO matches SPF record * 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level * mail domains are different * 0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts * 0.0 HTML_MESSAGE BODY: HTML included in message * 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily * valid * -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature * -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from * author's domain * 0.6 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML * tag Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=xx.xxx.xxx.xxx; helo=o123.p8.mailjet.com; envelope-from=xxxxx.xxxxxxxx@bnc3.mailjet.com; receiver=test-xxxxx@srv1.mail-tester.com DMARC-Filter: OpenDMARC Filter v1.3.1 mail-tester.com 9F060A988C Authentication-Results: mail-tester.com; dmarc=fail header.from=mail.example.com Authentication-Results: mail-tester.com; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=mail.example.com header.i=no-reply@mail.example.com header.b=MVNy47/y; dkim-atps=neutral Received: from o123.p8.mailjet.com (o123.p8.mailjet.com [xx.xxx.xxx.xxx]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail-tester.com (Postfix) with ESMTPS id 9F060A988C for <test-xxxxxx@srv1.mail-tester.com>; Tue, 27 Jul 2021 16:51:39 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; q=dns/txt; d=mail.example.com; i=no-reply@mail.example.com; s=mailjet; h=message-id:mime-version:from:reply-to:to:subject:date:list-unsubscribe-post: list-unsubscribe:feedback-id:x-csa-complaints:x-mj-mid:x-mj-smtpguid: x-report-abuse-to:content-type:content-transfer-encoding; bh=TIkRui7Va59h4geTtPXAKHua6pDPeJyum82T2lGo2Ww=; b=MVNy47/y6hs1gHGz8eiJlWuG18UsJ/Fhxa5vf7K5tDJt1jSfpePjd2YCb N1jbcfPt57l77VjSd8+vcwC2g5+yWyBHfkTuF8F7fGA9Vgn740zOLpMVjxlx PX71Bkay8jB4kG7Shtpus9XU+/a9WN5E9ygqWReclkE7X3uNqd78pQ= Message-Id: <xxxxx.xxxxxx@mailjet.com> MIME-Version: 1.0 From: Example <no-reply@mail.example.com> Reply-To: info@example.com To: test-xxxxxx@srv1.mail-tester.com Subject: Example Registrierung Date: Tue, 27 Jul 2021 14:51:38 +0000 List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: <mailto:xxxxx.mailjet.com>, <https://xxxxxxxxxxxxxxxxx> Feedback-Id: 42.1636236.1611053:MJ X-CSA-Complaints: csa-complaints@eco.de X-MJ-Mid: xxxxxxx X-MJ-SMTPGUID: 4c0f08ce-7ed4-457b-9f60-fdf493ab9e3e X-REPORT-ABUSE-TO: Message sent by Mailjet please report to abuse@mailjet.com with a copy of the message Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
我不明白為什麼驗證失敗以及我能做些什麼?其他工具dmarcanalzer說配置沒問題。
編輯
將郵件發送到 gmail 帳戶會進入垃圾郵件。但是,在 gmail 中顯示“原始消息”會報告 SPF、DKIM 和 DMARC 的“通過”:
原因是這樣的:
(1024-bit key; unprotected)
您只需將 DKIM 密鑰替換為 2048 位密鑰,就可以了。希望對你有幫助^_^