SPF, SenderID 및 DKIM이 올바르게 설정되어 있어도 Yahoo & Hotmail Spam 폴더로 끝나는 Amazon SES 이메일


8

이것은 매우 실망입니다. SPF, SenderID 및 DKIM이 올바르게 설정되어 있는데도 Amazon SES 이메일이 Yahoo & Hotmail Spam 폴더로 끝나고 있습니다. 이 특정 사이트에서는 사용자가 이메일 주소를 확인해야하므로 Amazon SES를 사용한 이후 새 등록의 50 % 이상을 잃어 가고 있으며이 문제를 긴급하게 해결해야합니다.

SPF 및 SenderID 레코드는 다음과 같습니다 (Google, Rackspace 및 Amazon의 전자 메일 서비스 포함).

v=spf1 include:_spf.google.com include:emailsrvr.com include:amazonses.com ~all

spf2.0/pra include:_spf.google.com include:emailsrvr.com include:amazonses.com ~all

이 특정 도메인을 GoDaddy와 함께 호스팅하며 SPF 및 SenderID 레코드를 둘러싸 기 위해 따옴표 ( ")를 사용할 필요가없는 것 같습니다. 실제로 따옴표로 시도 할 때 Kitterman 이나 MXtoolbox 도구는 SPF를 찾을 수 없었습니다. 기록을 인용하고 따옴표를 제거하면 두 서비스 모두에 있습니다.)

그러나 아마존 자체에서 권장하는대로 나는 SPF와 센더 기록을 사용하여이 있어도, 나는에 테스트 전자 메일을 보내 서비스 검증 Port25의 인증 및 DKIM이 통과하지만, 모두 SPF와 센더 기록이있는 것으로 보인다 permerrors을 하고, 그것을 이러한 오류는 "다중 레코드"를 갖는 것으로 Amazon의 끝에있는 것으로 보입니다 (Kitterman 도구는 "결과-PermError SPF 영구 오류 : 두 개 이상의 TXT spf 레코드가 발견되었습니다"와 같은 이유로 실패합니다). Port25 서비스의 결과는 다음과 같습니다.

This message is an automatic response from Port25's authentication verifier service at verifier.port25.com.  The service allows email senders to perform a simple check of various sender authentication mechanisms.  It is provided free of charge, in the hope that it is useful to the email community.  While it is not officially supported, we welcome any feedback you may have at <verifier-feedback@port25.com>.

This message is an automatic response from Port25's authentication verifier
service at verifier.port25.com.  The service allows email senders to perform
a simple check of various sender authentication mechanisms.  It is provided
free of charge, in the hope that it is useful to the email community.  While
it is not officially supported, we welcome any feedback you may have at
<verifier-feedback@port25.com>.

Thank you for using the verifier,

The Port25 Solutions, Inc. team

==========================================================
Summary of Results
==========================================================
SPF check:          permerror
DomainKeys check:   neutral
DKIM check:         pass
Sender-ID check:    permerror
SpamAssassin check: ham

==========================================================
Details:
==========================================================

HELO hostname:  a192-142.smtp-out.amazonses.com
Source IP:      199.255.192.142
mail-from:      000000@amazonses.com

----------------------------------------------------------
SPF check details:
----------------------------------------------------------
Result:         permerror (multiple SPF records)
ID(s) verified: smtp.mailfrom=000000@amazonses.com
DNS record(s):
   amazonses.com. SPF (no records)
   amazonses.com. 900 IN TXT "v=spf1 ip4:199.255.192.0/22 ip4:199.127.232.0/22 ~all"
   amazonses.com. 900 IN TXT "spf2.0/pra ip4:199.255.192.0/22 ip4:199.127.232.0/22 ~all"
   amazonses.com. 900 IN TXT "v=spf1 ip4:199.255.192.0/22 ip4:199.127.232.0/22 54.240.0.0/18 ~all"
   amazonses.com. 900 IN TXT "spf2.0/pra ip4:199.255.192.0/22 ip4:199.127.232.0/22 54.240.0.0/18 ~all"
   amazonses.com. 900 IN TXT "mailru-verification: 71asdf5de908d6ed"

----------------------------------------------------------
DomainKeys check details:
----------------------------------------------------------
Result:         neutral (message not signed)
ID(s) verified: header.From=no-reply@mysite.com
DNS record(s):

----------------------------------------------------------
DKIM check details:
----------------------------------------------------------
Result:         pass (matches From: no-reply@mysite.com)    

NOTE: DKIM checking has been performed based on the latest DKIM specs
(RFC 4871 or draft-ietf-dkim-base-10) and verification may fail for
older versions.  If you are using Port25's PowerMTA, you need to use
version 3.2r11 or later to get a compatible version of DKIM.

----------------------------------------------------------
Sender-ID check details:
----------------------------------------------------------
Result:         permerror (multiple SPF records with 'pra' scope)
ID(s) verified: header.From=no-reply@mysite.com
DNS record(s):      
   _spf.google.com. SPF (no records)
   _spf.google.com. 300 IN TXT "v=spf1 ip4:216.239.32.0/19 ip4:64.233.160.0/19 ip4:66.249.80.0/20 ip4:72.14.192.0/18 ip4:209.85.128.0/17 ip4:66.102.0.0/20 ip4:74.125.0.0/16 ip4:64.18.0.0/20 ip4:207.126.144.0/20 ip4:173.194.0.0/16 ?all"
   emailsrvr.com. SPF (no records)
   emailsrvr.com. 28800 IN TXT "v=spf1 ip4:207.97.245.0/24 ip4:207.97.227.208/28 ip4:67.192.241.0/24 ip4:98.129.184.0/23 ip4:72.4.117.0/27 ip4:72.32.49.0/24 ip4:72.32.252.0/24 ip4:72.32.253.0/24 ip4:207.97.200.40 ip4:173.203.2.0/25 ip4:173.203.6.0/23 ip4:50.57.0.0/27 ~all"
   amazonses.com. SPF (no records)
   amazonses.com. 900 IN TXT "v=spf1 ip4:199.255.192.0/22 ip4:199.127.232.0/22 ~all"
   amazonses.com. 900 IN TXT "spf2.0/pra ip4:199.255.192.0/22 ip4:199.127.232.0/22 ~all"
   amazonses.com. 900 IN TXT "v=spf1 ip4:199.255.192.0/22 ip4:199.127.232.0/22 54.240.0.0/18 ~all"
   amazonses.com. 900 IN TXT "spf2.0/pra ip4:199.255.192.0/22 ip4:199.127.232.0/22 54.240.0.0/18 ~all"
   amazonses.com. 900 IN TXT "mailru-verification: 71asdf5de908d6ed"

----------------------------------------------------------
SpamAssassin check details:
----------------------------------------------------------
SpamAssassin v3.3.1 (2010-03-16)

Result:         ham  (-2.7 points, 5.0 required)

pts rule name              description
---- ---------------------- --------------------------------------------------
0.0 SINGLE_HEADER_2K       A single header contains 2K-3K characters
-0.7 RCVD_IN_DNSWL_LOW      RBL: Sender listed at http://www.dnswl.org/, low
                           trust
                           [199.255.192.142 listed in list.dnswl.org]
-0.0 T_RP_MATCHES_RCVD      Envelope sender domain matches handover relay
                           domain
-1.9 BAYES_00               BODY: Bayes spam probability is 0 to 1%
                           [score: 0.0000]
-0.1 DKIM_VALID_AU          Message has a valid DKIM or DK signature from author's
                           domain
0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID             Message has at least one valid DKIM or DK signature

==========================================================
Explanation of the possible results (from RFC 5451)
==========================================================

SPF and Sender-ID Results
=========================

"none"
     No policy records were published at the sender's DNS domain.

"neutral"
     The sender's ADMD has asserted that it cannot or does not
     want to assert whether or not the sending IP address is authorized
     to send mail using the sender's DNS domain.

"pass"
     The client is authorized by the sender's ADMD to inject or
     relay mail on behalf of the sender's DNS domain.

"policy"
    The client is authorized to inject or relay mail on behalf
     of the sender's DNS domain according to the authentication
     method's algorithm, but local policy dictates that the result is
     unacceptable.

"fail"
     This client is explicitly not authorized to inject or
     relay mail using the sender's DNS domain.

"softfail"
     The sender's ADMD believes the client was not authorized
     to inject or relay mail using the sender's DNS domain, but is
     unwilling to make a strong assertion to that effect.

"temperror"
     The message could not be verified due to some error that
     is likely transient in nature, such as a temporary inability to
     retrieve a policy record from DNS.  A later attempt may produce a
     final result.

"permerror"
     The message could not be verified due to some error that
     is unrecoverable, such as a required header field being absent or
     a syntax error in a retrieved DNS TXT record.  A later attempt is
     unlikely to produce a final result.


DKIM and DomainKeys Results
===========================

"none"
     The message was not signed.

"pass"
     The message was signed, the signature or signatures were
     acceptable to the verifier, and the signature(s) passed
     verification tests.

"fail"
     The message was signed and the signature or signatures were
     acceptable to the verifier, but they failed the verification
     test(s).

"policy"
     The message was signed but the signature or signatures were
     not acceptable to the verifier.

"neutral"
     The message was signed but the signature or signatures
     contained syntax errors or were not otherwise able to be
     processed.  This result SHOULD also be used for other
     failures not covered elsewhere in this list.

"temperror"
     The message could not be verified due to some error that
     is likely transient in nature, such as a temporary inability
     to retrieve a public key.  A later attempt may produce a
     final result.

"permerror"
     The message could not be verified due to some error that
     is unrecoverable, such as a required header field being
     absent. A later attempt is unlikely to produce a final result.


==========================================================
Original Email
==========================================================

Return-Path: <000000@amazonses.com>
Received: from a192-142.smtp-out.amazonses.com (199.255.192.142) by verifier.port25.com id asdf for <check-auth2@verifier.port25.com>; Sat, 1 Sep 2012 09:24:25 -0400 (envelope-from <000000@amazonses.com>)
Authentication-Results: verifier.port25.com; spf=permerror (multiple SPF records) smtp.mailfrom=000000@amazonses.com
Authentication-Results: verifier.port25.com; domainkeys=neutral (message not signed) header.From=no-reply@mysite.com
Authentication-Results: verifier.port25.com; dkim=pass (matches From: no-reply@mysite.com) header.d=mysite.com
Authentication-Results: verifier.port25.com; sender-id=permerror (multiple SPF records with 'pra' scope) header.From=no-reply@mysite.com    
Return-Path: 000000@amazonses.com
Message-ID: <000000@email.amazonses.com>
Date: Sat, 1 Sep 2012 13:24:08 +0000
Subject: Confirm your E-mail
From: "Register@mysite.com" <no-reply@mysite.com>
To: check-auth2@verifier.port25.com
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-SES-Outgoing: 199.255.192.142

Hello testuser,

Confirm your e-mail by clicking this li=
nk:

http://mysite.com/confirmemail/aaasdf7798e

If you ar=
e having problems confirming, enter the code below.

Code: aaasdf7798e

Thanks!
The mysite.com Team

Amazon SES를 통한 전자 메일이 SPF와 SenderID를 모두 통과하고 Yahoo 및 Hotmail 사용자의받은 편지함에 들어가도록이 긴급한 문제를 해결하려면 어떻게해야합니까? 나는 절대적으로 모든 것을 시도했지만 아무것도 작동하지 않는 것 같습니다. 감사.


3
나중에 참고할 수 있도록이 질문이 두 번 다운 코팅 된 이유는 무엇입니까? 감사.
ProgrammerGirl

답변:


3

이 도구는 정확하며 도메인에는 하나의 TXT / SPF 레코드 만 허용됩니다.
이 문제를 올바르게 해결하는 방법은 없습니다. Amazon에 문의하여 레코드를 수정해야합니다.

이것들은 합쳐질 필요가 있습니다 v=spf2.

   amazonses.com. 900 IN TXT "v=spf1 ip4:199.255.192.0/22 ip4:199.127.232.0/22 ~all"  
   amazonses.com. 900 IN TXT "v=spf1 ip4:199.255.192.0/22 ip4:199.127.232.0/22 54.240.0.0/18 ~all"  

54.240.0.0/18부분도 잘못되었습니다 ip4:54.240.0.0/18.

물론 include:amazonses.comIP 범위를 제거 하고 수동으로 IP 범위를 추가 할 수 있습니다 .
그러나 해당 범위가 변경되면 다시 실패합니다.


아마존에서 문제가 발생했다는 의심을 확인해 주셔서 감사합니다. 두 가지 빠른 질문 : 1) 도메인에 하나의 TXT / SPF 레코드 만 허용되는 경우 표준 SPF 레코드와 SenderID를 둘 다 가질 수있는 방법은 무엇입니까? 2) Amazon에서이 문제를 해결할 때까지 어떻게 IP 범위를 SPF와 SenderID에 수동으로 추가 할 수 있습니까? 감사!
ProgrammerGirl

1
1) 서로 다른 것으로 간주되며 1 v=spf1과 1 만 v=spf2허용됩니다. 2) include:amazonses.com추가를 제거합니다 ip4:199.255.192.0/22 ip4:199.127.232.0/22 ip4:54.240.0.0/18( ip4:마지막 네트워크에 추가 된 정보는 게시 된 레코드에서도 누락 됨
faker

감사. v=spf2SenderID에 사용 하는 것으로 나타 났지만 다른 사람 spf2.0/pra이 SenderID 레코드를 시작하는 데 사용하는 것 같습니다 . 차이점은 무엇이며 어떤 것을 사용해야합니까? 그러면 SenderID 레코드의 시작은 어떻게 보일까요? 다시 한 번 감사드립니다.
ProgrammerGirl

1
죄송합니다, 당신은 정확하고, v=spf2존재하지 않으며, spf2.0/pra정확합니다
faker

1
더 잘, 당신은 아마 그래서, 당신의 다른 공급자의 포함 유지하려는 : v=spf1 ip4:199.255.192.0/22 ip4:199.127.232.0/22 ip4:54.240.0.0/18 include:_spf.google.com include:emailsrvr.com ~allspf2.0/pra ip4:199.255.192.0/22 ip4:199.127.232.0/22 ip4:54.240.0.0/18 include:_spf.google.com include:emailsrvr.com ~all
사기꾼
당사 사이트를 사용함과 동시에 당사의 쿠키 정책개인정보 보호정책을 읽고 이해하였음을 인정하는 것으로 간주합니다.
Licensed under cc by-sa 3.0 with attribution required.