服务器 Gind.cn
  1. 服务器 Gind.cn
  3. DMARC阻止了似乎应该允许的电子邮件
Intereting Posts
如何在Exchange电子邮件服务器上configurationdkim iptables既“接受所有任何地方”和“随处放置所有地方”的规则 在进行Python安全更新时收到通知 monit,无法启动node.js脚本 仅将传入的请求转发到端口80 Gitlabhq gitolite更新回购和密钥问题 如何使用iptables来阻止连接到openwrt路由器的设备的IP 如何看看使用了什么样的supervisordconfiguration networking的未绑定DNSparsing器 SSL,CSR:我应该包含—– BEGIN CERTIFICATE REQUEST —–? Areca ARC 1261ML仅在4TB磁盘上看到2TB 通过设置BIND并查询“大”来获取域名? 刀片服务器networking连接scheme Traclogin表单 桑巴死亡时间不工作

DMARC阻止了似乎应该允许的电子邮件

这是我们设定的DMARClogging 

v=DMARC1; p=reject; rua=mailto:[redacted]@coinbase.com; adkim=r; aspf=s

所以我们严格拒绝与SPF的任何不匹配,而DKIM是放松的。

这里是SPFlogging: 

 v=spf1 mx ptr include:_spf.google.com include:amazonses.com include:servers.mcsv.net ip4:216.146.46.11/24 ip4:54.240.0.0/16 -all

这里的servers.mcsv.net是相关的,这是MailChimp。

现在,当mailchimp发送电子邮件时,这里是相关的标题(取自DMARC设置为拒绝之前): 

 Delivered-To: [redacted]@gmail.com Return-Path: <bounce-mc.us5_10399111.473393-[redacted][email protected]> Received: from mail43.atl11.rsgsv.net (mail43.atl11.rsgsv.net. [205.201.133.43]) by mx.google.com with ESMTP id j28si35440183yha.171.2014.05.21.09.07.49 for <[redacted]@gmail.com>; Wed, 21 May 2014 09:07:49 -0700 (PDT) Received-SPF: pass (google.com: domain of bounce-mc.us5_10399111.473393-[redacted][email protected] designates 205.201.133.43 as permitted sender) client-ip=205.201.133.43; Authentication-Results: mx.google.com; spf=pass (google.com: domain of bounce-mc.us5_10399111.473393-[redacted][email protected] designates 205.201.133.43 as permitted sender) smtp.mail=bounce-mc.us5_10399111.473393-[redacted][email protected]; dkim=pass [email protected]; dmarc=fail (p=NONE dis=NONE) header.from=coinbase.com DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=k1; d=mail43.atl11.rsgsv.net; h=Subject:From:Reply-To:To:Date:Message-ID:List-Unsubscribe:Sender:Content-Type:MIME-Version; i=[redacted][email protected]; bh=o5A5eXnTv4l6rsLeAnZJnMWMM68=; b=TuFkaiUuroZ81dqLE6inBqApDru17Je2eBBRhPSwcLjFqSnQYasdQeoKdSseroRiNsVwR2l+VMgo AjDCgEcXlmKQ1OZwgFJRoy/YKcV2aWfAaNttoLg/Ia1mqRVI+KOA6CIHE+1sbjc8vGdbkxHpnhkw vyKFBZn8BdHmLyBUr88= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=k1; d=gmail.mcsv.net; h=Subject:From:Reply-To:To:Date:Message-ID:X-Feedback-ID:List-Unsubscribe:Sender:Content-Type:MIME-Version; bh=o5A5eXnTv4l6rsLeAnZJnMWMM68=; b=pUJSVxxUhdCyKquMzC3XoV8/vdntYc9D9PPEi8+kGHPzyX9JYz2abxclEKparO5titfvKxda7K6R m65UTHrkFeMh+lQw7KruA0YBI4ixq07xVUiQkyZRTTuV8oW0R1a/gwWqr4zCnrHbgBmtSg1lKRWF Zo4frwnJ67K8gPd/Qlk= DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=k1; d=mail43.atl11.rsgsv.net; b=WU6GQW9PExrQou81SYai+uiOzWU9FjHdzXPh2NA+g0aKjcDx08ujAcfkOjLRtD6ceTEwdS4GNeyc 3iwdIXMjwYN1qDzo4Ug3yeKCTjidqcjdxJcRN1pBJ6Dq+bsGkcNiwlh7cFlmTSQEeIobmRCO3FEA mEJ3ZB59fs0X9VhAiiw=; Received: from (127.0.0.1) by mail43.atl11.rsgsv.net id hfj7la1lgi03 for <[redacted]@gmail.com>; Wed, 21 May 2014 16:07:09 +0000 (envelope-from <bounce-mc.us5_10399111.473393-[redacted][email protected]>) Subject: =?utf-8?Q?Posts=20from=20The=20Coinbase=20Blog=20for=2005=2F21=2F2014?= From: =?utf-8?Q?The=20Coinbase=20Blog?= <[redacted]@coinbase.com>

你可以看到DMARC失败。 但我不明白为什么。 SPFlogging通过。 DKIM也是(虽然我们在这里放松了这个要求)。

也许我误解了一些关于DMARC的东西,但是看起来好像应该这样。

感谢您的帮助!

从消息的RFC5322 From字段中提取的域名是DMARC机制中的主标识符。 这将导致DMARC的DKIMvalidation失败,因为文档没有被coinbase.com签名。

请将其标记为您的域,或从DMARClogging中删除DKIMvalidation。