Email
我是否需要調整我的 DMARC 設置(最終傳遞時 SPF 對齊失敗)?
我已經收到了我的第一份(有史以來!)DMARC 取證報告,我不確定這是否意味著我應該設置不同的東西,或者這是否是理想的行為,或者它是否不受歡迎但沒有什麼可做的。
實際報告說
Feedback-Type: auth-failure User-Agent: szn-mime/2.0.46 Version: 1 Original-Mail-From: cwr@cwrichardson.com Original-Rcpt-To: maru.sucha@seznam.cz Source-Ip: 2a00:1450:4864:20::348 Reported-Domain: cwrichardson.com Authentication-Results: email.seznam.cz 1; spf_align=fail; dkim_align=pass Delivery-Result: delivered
查看返回的標頭,我猜在我發送電子郵件的位置 (@skolaseiferta.cz) 和收件人的實際電子郵件地址 (@seznam.cz) 之間發生了一些內部轉發/別名。Google中間有一堆東西,看起來一切(SPF、DKIM、DMARC)都在通過。我有模糊的回憶,我在某個地方讀過,有時Google在不更新標題的情況下轉發,這會導致問題。也許這就是這裡發生的事情,但我的核心問題是,這種失敗(SPF 對齊;但傳遞的消息)是否表明我配置錯誤,如果是,我應該改變什麼?
這是取證報告中報告的最終標題:
Received: from mail-wm1-x348.google.com (mail-wm1-x348.google.com [2a00:1450:4864:20::348]) by email-smtpd17.ko.seznam.cz (Seznam SMTPD 1.3.125) with ESMTP; Wed, 21 Apr 2021 21:28:04 +0200 (CEST) Received: by mail-wm1-x348.google.com with SMTP id j128-20020a1c55860000b02901384b712094so754950wmb.2 for <maru.sucha@seznam.cz>; Wed, 21 Apr 2021 12:28:04 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:dkim-filter:dkim-signature:from:message-id :mime-version:subject:date:in-reply-to:cc:to:references:delivered-to; bh=z9XlWb3jRfloYwjMKz59BkGnJPKn5q9UeC0Yjl3uFpU=; b=OmOkt9uiFimeL2nbIAnz89lXQh6/L47XxRfQcpkktf1KCjK1csYPs/I5UxzzgBxXDL QbkfBy3W6l6txQfM+E821xvBU63wXirBdbN8Gxo3Ldw6dQvZ+6uzatuCkEeFVHL6KO6H E1O27CVqbz6bhqvaDKEgZRItL6bSAO3OhprafiZk6Yhqr170cAKArDzfTyFgvXX4FGfI MFr/1BqM3VQnEyPRBRTiF5i4h1ZxRhnSUvcDH900v+7RN4AZ7+XLAcWjGfHBmWWHea6J GV14l7zl22LLRRGIhSaxP+L8qzSG6GM+NRFRJIA8OEfTHkpTXTI1q1aMzLRWIefkMFK/ C9iQ== X-Gm-Message-State: AOAM531OlI1F9zTh1HsZoHNZWRw2CRCcaLXZmaWuT10mdobzsf1XdbXR jVsZvqhPh/16vPkDdJdHwZdNzDTJ7CYTnntl2W3Ylv1iWfO45ExY/3J5H2S8LMTc9m/Vg1HzH9N unIJoFt2ngq8JpN5PRnXe3TbNIRVN5ypsMMYp9rWdDmXRlI/X3Q== X-Received: by 2002:a5d:47c1:: with SMTP id o1mr27285827wrc.216.1619033282566; Wed, 21 Apr 2021 12:28:02 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxghHJgfoFCadI4rf70xN3TaKsadvCo5viffMf7GjVOMzjZImFo2jdnWEOn8V+OIxc8YVlx X-Received: by 2002:a5d:47c1:: with SMTP id o1mr27285733wrc.216.1619033281236; Wed, 21 Apr 2021 12:28:01 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1619033281; cv=none; d=google.com; s=arc-20160816; b=i9HgJPQWyJQaj9eHYTRTLX30VfCcgk3coymQyyGzs3jKpMtoTGTSkTJoakmG4kpamB HBf9tf6FdxKZK1EPYUhu2HoIB99JSwU5/hm7+LjM9izktRYp12apYf37Q1XqUqWXXJkx iUUEVpjE33D6TmhklEOw6HZaSK+GI+AYESoUkIWuqJLG95+5gt2Ckq21Xs3zGw57m5vE pkusUkEKxR/8UOrFag6U4OLMr6ydy/oUNtQhUiAr2imI2qYUbMCoGpwDiIm4NI6n7Wtx WSTvKGZymXugiv51qBlmtL0u5U3dNTVTtJSKr2Vo4oDIQBIZaw1hm2oudeLPOvmdwSP0 YfGQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:to:cc:in-reply-to:date:subject:mime-version:message-id :from:dkim-signature:dkim-filter; bh=z9XlWb3jRfloYwjMKz59BkGnJPKn5q9UeC0Yjl3uFpU=; b=R3Rk9Xazyo8BwHtxFEETi3RxVnAMqd8aFzNgQYVSQ7eTSEFbkxquX3YWP5blsnu7el GinyOV6vxvBuRJpZOgx+7+zgT4os0xGP7naNBG8kyMBuFjvTTvt/g592KmZj0RurQezb lspa6TLQ+x1wpysKvlg7Dy0VKFhfAkww8vXDNNbaJuC/YlBFNGab+x2B2FLtrITIxR6B OyOpCsX2MvbXtuRikXRgzkvm5DWVqyt6XFH/a3kw9PvbzR23eEmX/OMZe/g+W9ZW8O7D /hbimfG2OjKsOAFOCX1yeUUlV0M2hdphi3yI3zSOgoqpTgQfieaHCm9LtkuYAmBBoFH7 nuDw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@cwrichardson.com header.s=default header.b=rKVHfdcx; spf=pass (google.com: domain of cwr@cwrichardson.com designates 54.93.189.174 as permitted sender) smtp.mailfrom=cwr@cwrichardson.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=cwrichardson.com Return-Path: <cwr@cwrichardson.com> Received: from mercury.mirovoysales.com (mercury.mirovoysales.com. [54.93.189.174]) by mx.google.com with ESMTP id r5si462898wrl.256.2021.04.21.12.28.00; Wed, 21 Apr 2021 12:28:01 -0700 (PDT) Received-SPF: pass (google.com: domain of cwr@cwrichardson.com designates 54.93.189.174 as permitted sender) client-ip=54.93.189.174; Authentication-Results: mx.google.com; dkim=pass header.i=@cwrichardson.com header.s=default header.b=rKVHfdcx; spf=pass (google.com: domain of cwr@cwrichardson.com designates 54.93.189.174 as permitted sender) smtp.mailfrom=cwr@cwrichardson.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=cwrichardson.com Received: from localhost (unknown [127.0.0.1]) by mercury.mirovoysales.com (Postfix) with ESMTP id EF3C88004B; Wed, 21 Apr 2021 19:27:59 +0000 (UTC) X-Virus-Scanned: amavisd-new at example.com Received: from mercury.mirovoysales.com ([127.0.0.1]) by localhost (ip-10-0-200-85.eu-central-1.compute.internal [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wQKPlvH_4S8m; Wed, 21 Apr 2021 19:27:57 +0000 (UTC) Received: from [192.168.1.2] (213.121.broadband6.iol.cz [88.101.121.213]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mercury.mirovoysales.com (Postfix) with ESMTPSA id 3A67080037; Wed, 21 Apr 2021 19:27:57 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 mercury.mirovoysales.com 3A67080037 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cwrichardson.com; s=default; t=1619033277; bh=z9XlWb3jRfloYwjMKz59BkGnJPKn5q9UeC0Yjl3uFpU=; h=From:Subject:Date:In-Reply-To:Cc:To:References:From; b=rKVHfdcxSd1ZhsD1G1X5jvil3lpme2V8tNU+3D0PgdBklG/uYMEdRFVOjr6vqkp9y GhZa5D1MVyG1Zd/OZ8v7OZ6x2YZsObnWz92Q5B+X1H5lvbD7/1K9AuNAVmMMmWdlMl EY7thbBBQyT1f7j4TvHJTwuJx2JZszR1BjlGoEiY= From: Christopher Richardson <cwr@cwrichardson.com> Message-Id: <F670ECB5-9957-4288-8D0B-FB5D54B4F523@cwrichardson.com> Content-Type: multipart/alternative; boundary="Apple-Mail=_4FC50147-75FE-4FDF-B8EC-F651F9EF7F63" Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.60.0.2.21\)) Subject: =?utf-8?B?UmU6IMWha29sYSB2IHDFmcOtcm9kxJs=?= Date: Wed, 21 Apr 2021 21:27:56 +0200 In-Reply-To: <C81CB58C-CAD1-4A07-BDAD-76E1DC7A83D1@gmail.com> Cc: Sarah Richardson <ssghotane@gmail.com>, sucha@skolaseiferta.cz To: pfauserova@skolaseiferta.cz References: <CAOSANHi3e3EPsdvvBU5sh_r3T5h+m8+4Mmwsek=ZxHj3rmEaZQ@mail.gmail.com> <C81CB58C-CAD1-4A07-BDAD-76E1DC7A83D1@gmail.com> X-Mailer: Apple Mail (2.3654.60.0.2.21) Delivered-To: sucha@skolaseiferta.czArrival-Date: Wed, 21 Apr 2021 21:28:10 +0200 (CEST) Reporting-MTA: dns; email.seznam.cz Final-Recipient: rfc822; forensicreports@mirovoysales.com Status: 2.0.0 Diagnostic-Code: x-uknown; Action: x-unknown Original-Recipient: rfc822; maru.sucha@seznam.cz
要實現 DMARC 合規性,必須對齊 SPF 或 DKIM 。所以我不明白你為什麼收到這份取證報告——據我了解 DMARC 系統,這條消息是合規的,因為 DKIM 通過了對齊測試據我所知,這條消息是符合 DMARC 的——通常你不會得到取證報告,但有一個設置要求報告,即使任何機制失敗(感謝@anx 提供此資訊 - 對我來說是新的!)。該報告還在最後一行告訴您消息已送達 - 因此這裡沒有拒絕或隔離。
轉發是 DMARC 的一個已知問題,因為標頭中的發件人地址可能不匹配。通常,如果郵件網關檢測到不符合 DMARC 的郵件並且由於標頭中的特定提示而“看起來已轉發”,則網關可以讓該郵件通過 - 即使 SPF和DKIM 失敗 -請參閱 DMARC Policy Overrides。