Pro*_*irl 8 domain-name-system email spf amazon-web-services amazon-ses
这是令人难以置信的令人沮丧。我的 Amazon SES 电子邮件以 Yahoo & Hotmail Spam 文件夹结尾,即使我的 SPF、SenderID 和 DKIM 设置正确。由于这个特定站点需要用户确认他们的电子邮件地址,因此自从使用 Amazon SES 以来,我丢失了超过 50% 的新注册,并且需要紧急解决这个问题。
这是我的 SPF 和 SenderID 记录(它们包括来自 Google、Rackspace 和 Amazon 的电子邮件服务):
v=spf1 include:_spf.google.com include:emailsrvr.com include:amazonses.com ~all
spf2.0/pra include:_spf.google.com include:emailsrvr.com include:amazonses.com ~all
我使用 GoDaddy 托管这个特定域,似乎您不需要使用引号 (") 来包围 SPF 和 SenderID 记录。(实际上,当我尝试使用引号时,无论是Kitterman还是MXtoolbox工具都无法找到 SPF记录,当我删除引号时,两个服务都找到了它们。)
然而,即使我使用SPF和SenderID记录所推荐的亚马逊自己,我发送测试电子邮件Port25的认证验证服务,虽然DKIM过去了,看来,无论是SPF和SenderID记录具有permerrors,和它似乎这些错误是亚马逊的“多条记录”(Kitterman 工具失败的原因相同“结果 - PermError SPF 永久错误:找到两个或更多类型的 TXT spf 记录。”)。以下是 Port25 服务的结果:
This message is an automatic response from Port25's authentication verifier service at verifier.port25.com. The service allows email senders to perform a simple check of various sender authentication mechanisms. It is provided free of charge, in the hope that it is useful to the email community. While it is not officially supported, we welcome any feedback you may have at <verifier-feedback@port25.com>.
This message is an automatic response from Port25's authentication verifier
service at verifier.port25.com. The service allows email senders to perform
a simple check of various sender authentication mechanisms. It is provided
free of charge, in the hope that it is useful to the email community. While
it is not officially supported, we welcome any feedback you may have at
<verifier-feedback@port25.com>.
Thank you for using the verifier,
The Port25 Solutions, Inc. team
==========================================================
Summary of Results
==========================================================
SPF check: permerror
DomainKeys check: neutral
DKIM check: pass
Sender-ID check: permerror
SpamAssassin check: ham
==========================================================
Details:
==========================================================
HELO hostname: a192-142.smtp-out.amazonses.com
Source IP: 199.255.192.142
mail-from: 000000@amazonses.com
----------------------------------------------------------
SPF check details:
----------------------------------------------------------
Result: permerror (multiple SPF records)
ID(s) verified: smtp.mailfrom=000000@amazonses.com
DNS record(s):
amazonses.com. SPF (no records)
amazonses.com. 900 IN TXT "v=spf1 ip4:199.255.192.0/22 ip4:199.127.232.0/22 ~all"
amazonses.com. 900 IN TXT "spf2.0/pra ip4:199.255.192.0/22 ip4:199.127.232.0/22 ~all"
amazonses.com. 900 IN TXT "v=spf1 ip4:199.255.192.0/22 ip4:199.127.232.0/22 54.240.0.0/18 ~all"
amazonses.com. 900 IN TXT "spf2.0/pra ip4:199.255.192.0/22 ip4:199.127.232.0/22 54.240.0.0/18 ~all"
amazonses.com. 900 IN TXT "mailru-verification: 71asdf5de908d6ed"
----------------------------------------------------------
DomainKeys check details:
----------------------------------------------------------
Result: neutral (message not signed)
ID(s) verified: header.From=no-reply@mysite.com
DNS record(s):
----------------------------------------------------------
DKIM check details:
----------------------------------------------------------
Result: pass (matches From: no-reply@mysite.com)
NOTE: DKIM checking has been performed based on the latest DKIM specs
(RFC 4871 or draft-ietf-dkim-base-10) and verification may fail for
older versions. If you are using Port25's PowerMTA, you need to use
version 3.2r11 or later to get a compatible version of DKIM.
----------------------------------------------------------
Sender-ID check details:
----------------------------------------------------------
Result: permerror (multiple SPF records with 'pra' scope)
ID(s) verified: header.From=no-reply@mysite.com
DNS record(s):
_spf.google.com. SPF (no records)
_spf.google.com. 300 IN TXT "v=spf1 ip4:216.239.32.0/19 ip4:64.233.160.0/19 ip4:66.249.80.0/20 ip4:72.14.192.0/18 ip4:209.85.128.0/17 ip4:66.102.0.0/20 ip4:74.125.0.0/16 ip4:64.18.0.0/20 ip4:207.126.144.0/20 ip4:173.194.0.0/16 ?all"
emailsrvr.com. SPF (no records)
emailsrvr.com. 28800 IN TXT "v=spf1 ip4:207.97.245.0/24 ip4:207.97.227.208/28 ip4:67.192.241.0/24 ip4:98.129.184.0/23 ip4:72.4.117.0/27 ip4:72.32.49.0/24 ip4:72.32.252.0/24 ip4:72.32.253.0/24 ip4:207.97.200.40 ip4:173.203.2.0/25 ip4:173.203.6.0/23 ip4:50.57.0.0/27 ~all"
amazonses.com. SPF (no records)
amazonses.com. 900 IN TXT "v=spf1 ip4:199.255.192.0/22 ip4:199.127.232.0/22 ~all"
amazonses.com. 900 IN TXT "spf2.0/pra ip4:199.255.192.0/22 ip4:199.127.232.0/22 ~all"
amazonses.com. 900 IN TXT "v=spf1 ip4:199.255.192.0/22 ip4:199.127.232.0/22 54.240.0.0/18 ~all"
amazonses.com. 900 IN TXT "spf2.0/pra ip4:199.255.192.0/22 ip4:199.127.232.0/22 54.240.0.0/18 ~all"
amazonses.com. 900 IN TXT "mailru-verification: 71asdf5de908d6ed"
----------------------------------------------------------
SpamAssassin check details:
----------------------------------------------------------
SpamAssassin v3.3.1 (2010-03-16)
Result: ham (-2.7 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.0 SINGLE_HEADER_2K A single header contains 2K-3K characters
-0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at http://www.dnswl.org/, low
trust
[199.255.192.142 listed in list.dnswl.org]
-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay
domain
-1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%
[score: 0.0000]
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
==========================================================
Explanation of the possible results (from RFC 5451)
==========================================================
SPF and Sender-ID Results
=========================
"none"
No policy records were published at the sender's DNS domain.
"neutral"
The sender's ADMD has asserted that it cannot or does not
want to assert whether or not the sending IP address is authorized
to send mail using the sender's DNS domain.
"pass"
The client is authorized by the sender's ADMD to inject or
relay mail on behalf of the sender's DNS domain.
"policy"
The client is authorized to inject or relay mail on behalf
of the sender's DNS domain according to the authentication
method's algorithm, but local policy dictates that the result is
unacceptable.
"fail"
This client is explicitly not authorized to inject or
relay mail using the sender's DNS domain.
"softfail"
The sender's ADMD believes the client was not authorized
to inject or relay mail using the sender's DNS domain, but is
unwilling to make a strong assertion to that effect.
"temperror"
The message could not be verified due to some error that
is likely transient in nature, such as a temporary inability to
retrieve a policy record from DNS. A later attempt may produce a
final result.
"permerror"
The message could not be verified due to some error that
is unrecoverable, such as a required header field being absent or
a syntax error in a retrieved DNS TXT record. A later attempt is
unlikely to produce a final result.
DKIM and DomainKeys Results
===========================
"none"
The message was not signed.
"pass"
The message was signed, the signature or signatures were
acceptable to the verifier, and the signature(s) passed
verification tests.
"fail"
The message was signed and the signature or signatures were
acceptable to the verifier, but they failed the verification
test(s).
"policy"
The message was signed but the signature or signatures were
not acceptable to the verifier.
"neutral"
The message was signed but the signature or signatures
contained syntax errors or were not otherwise able to be
processed. This result SHOULD also be used for other
failures not covered elsewhere in this list.
"temperror"
The message could not be verified due to some error that
is likely transient in nature, such as a temporary inability
to retrieve a public key. A later attempt may produce a
final result.
"permerror"
The message could not be verified due to some error that
is unrecoverable, such as a required header field being
absent. A later attempt is unlikely to produce a final result.
==========================================================
Original Email
==========================================================
Return-Path: <000000@amazonses.com>
Received: from a192-142.smtp-out.amazonses.com (199.255.192.142) by verifier.port25.com id asdf for <check-auth2@verifier.port25.com>; Sat, 1 Sep 2012 09:24:25 -0400 (envelope-from <000000@amazonses.com>)
Authentication-Results: verifier.port25.com; spf=permerror (multiple SPF records) smtp.mailfrom=000000@amazonses.com
Authentication-Results: verifier.port25.com; domainkeys=neutral (message not signed) header.From=no-reply@mysite.com
Authentication-Results: verifier.port25.com; dkim=pass (matches From: no-reply@mysite.com) header.d=mysite.com
Authentication-Results: verifier.port25.com; sender-id=permerror (multiple SPF records with 'pra' scope) header.From=no-reply@mysite.com
Return-Path: 000000@amazonses.com
Message-ID: <000000@email.amazonses.com>
Date: Sat, 1 Sep 2012 13:24:08 +0000
Subject: Confirm your E-mail
From: "Register@mysite.com" <no-reply@mysite.com>
To: check-auth2@verifier.port25.com
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-SES-Outgoing: 199.255.192.142
Hello testuser,
Confirm your e-mail by clicking this li=
nk:
http://mysite.com/confirmemail/aaasdf7798e
If you ar=
e having problems confirming, enter the code below.
Code: aaasdf7798e
Thanks!
The mysite.com Team
我该怎么做才能解决这个紧急问题,以便我通过 Amazon SES 发送的电子邮件同时通过 SPF 和 SenderID,并最终进入我的 Yahoo 和 Hotmail 用户的收件箱?我已经尝试了一切,但似乎没有任何效果。谢谢。
这个工具是正确的,一个域只允许有一条TXT/SPF记录。
无法为您正确修复此问题,您需要联系亚马逊来修复他们的记录。
这些需要合并(与 类似v=spf2):
amazonses.com. 900 IN TXT "v=spf1 ip4:199.255.192.0/22 ip4:199.127.232.0/22 ~all"
amazonses.com. 900 IN TXT "v=spf1 ip4:199.255.192.0/22 ip4:199.127.232.0/22 54.240.0.0/18 ~all"
注意,该54.240.0.0/18部分也是错误的,应该是ip4:54.240.0.0/18。
您当然可以include:amazonses.com手动删除并添加 IP 范围。
但如果这些范围发生变化,它就会再次失败。
| 归档时间: |
|
| 查看次数: |
3932 次 |
| 最近记录: |