Me pehea te Whakamana i to Motuhēhēnga Īmēra Kua Whakaritea Tika (DKIM, DMARC, SPF)

DKIM Validator DMARC SPF

Mena kei te tuku imeera koe i nga momo momo rōrahi, he umanga tera e kiia ana kua hara koe me te whakaatu i to harakore. Ka mahi tahi matou me te maha o nga kamupene e awhina ana i a raatau me o raatau hekenga imeera, whakamahana IP, me nga take tuku. Ko te nuinga o nga kamupene kaore i te mohio he raru to raatau.

Nga raruraru e kore e kitea o te tuku

E toru nga raru e kore e kitea me te tuku imeera kaore e mohiotia e nga pakihi:

  1. whakaaetanga – Kaiwhakarato ratonga imeera (ESP) whakahaere i nga whakaaetanga whakauru… engari ko te kaiwhakarato ratonga ipurangi (ISP) e whakahaere ana i te kuaha mo te wahitau imeera taunga. Ko te tino he pūnaha whakamataku. Ka taea e koe te mahi i nga mea katoa hei pakihi ki te whiwhi whakaaetanga me nga wahitau imeera, karekau te ISP e mohio ana ka aukati tonu koe.
  2. Pouaka Pouakauru – Ko nga ESP te whakatairanga teitei whakaora reiti e te tikanga tito noa. He imeera ka tukuna tika ki te kōpaki paraurehe karekau i kitea e to kaiohauru imeera ka tukuna ma te hangarau. I roto i te tikanga ki te aroturuki pono koutou whakatakoto pouakaroto, me whakamahi koe i te rarangi kakano ka haere ki te titiro ki ia ISP. He ratonga kei te mahi i tenei.
  3. Whakaatu – Ko nga ISP me nga ratonga tuatoru kei te pupuri tonu i nga tohu ingoa mo te wahitau IP tuku mo to imeera. He rarangi pango ka whakamahia e nga ISP ki te aukati katoa i o imeera katoa, he kino pea to ingoa ka tukuna koe ki te kōpaki paraurehe. He maha nga ratonga ka taea e koe te whakamahi ki te aro turuki i to ingoa IP… engari he ahua pouri ahau i te mea he tokomaha kare i tino mohio ki ia ISP algorithms.

Īmēra Motuhēhēnga

Ko nga mahi pai mo te whakaiti i nga take whakaurunga pouakaroto ko te whakarite kua whakaritea e koe he maha o nga rekoata DNS ka taea e nga ISP te whakamahi ki te titiro ake me te whakarite ko nga imeera e tukuna ana e koe ka tukuna mai e koe, kaua e te tangata e kii ana ko koe to kamupene. . Ka mahia tenei ma te maha o nga paerewa:

  • Te Anga Kaupapa here Kaituku (SPF) – te paerewa tawhito rawa atu, koinei te waahi ka rehita koe i tetahi rekoata TXT mo to rehitatanga rohe (DNS) e whakaatu ana he aha nga rohe me nga wahitau IP e tukuna ana e koe he imeera mo to kamupene. Hei tauira, ka tukuna e ahau he imeera mo Martech Zone i Mokowāmahi Google Tuhinga ka whai mai Porohita (ko taku ake ESP kei te beta inaianei). He mono SMTP kei runga i taku paetukutuku hei tuku ma Google, mena ka uru ano he wahitau IP ki tenei.

v=spf1 include:circupressmail.com include:_spf.google.com ~all

  • Domain-i runga i te Motuhēhēnga Karere, Pūrongo me te Whakaaetanga (DMARC) – he kī whakamunatia kei roto i tenei paerewa hou ka taea te whakamana i taku rohe me te kaituku. Ko ia kī na taku kaituku, me te whakarite kia kore e taea te tinihanga nga imeera i tukuna mai e te kaipahua. Mena kei te whakamahi koe i a Google Workspace, koinei me pehea te whakarite DMARC.
  • DomainKeys Mēra I tautuhia (DKIM) – Ma te mahi i te taha o te rekoata DMARC, ka whakamohio tenei rekoata ki nga ISP me pehea te rongoa i aku ture DMARC me SPF tae atu ki te waahi ka tukuna nga purongo tuku. Kei te pirangi au kia paopao nga ISP i nga karere karekau e paahi i te DKIM, i te SPF ranei, a ko taku hiahia kia tukuna e ratou nga purongo ki taua wahitau imeera.

v=DMARC1; p=reject; rua=mailto:dmarc@martech.zone; adkim=r; aspf=s;

  • Tohu Waitohu mo te Tautuhi Karere (BIMI) - ko te taapiri hou, ka whakaratohia e te BIMI he huarahi mo nga ISP me a raatau tono imeera ki te whakaatu i te tohu o te waitohu i roto i te kaihoko imeera. He paerewa tuwhera me tetahi paerewa whakamunatia mo Gmail kei te hiahia hoki koe ki te tiwhikete whakamunatia. He tino utu nga tiwhikete no reira kare ano au e mahi.

v=BIMI1; l=https://martech.zone/logo.svg;a=self;

FAKATOKANGA: Mena ka hiahia awhina koe ki te whakarite i tetahi o to motuhēhēnga imeera, kaua koe e mangere ki te toro atu ki taku umanga Highbridge. He roopu ta matou te hokohoko imeera me nga tohunga tuku ka taea te awhina.

Me pehea te Whakamana i to Motuhēhēnga Īmēra

Ko nga korero puna katoa, nga korero whakawhiti, me nga korero whakamana e pa ana ki ia imeera ka kitea i roto i nga pane o te karere. Mena he tohunga koe ki te tuku, he tino ngawari te whakamaori i enei… engari mena he tauhou koe, he tino uaua. Anei te ahua o te pane pane mo ta matou panui, kua whakahinahia e au etahi o nga imeera whakautu aunoa me nga korero whakahau:

Pane Karere - DKIM me SPF

Mena ka panui koe, ka kite koe he aha aku ture DKIM, mena ka paahi a DMARC (kaore) ka paahi te SPF… engari he nui te mahi. He huarahi pai ake, ahakoa, me whakamahi DKIMValidator. Ka hoatu e DKIMValidator he wahitau imeera ka taea e koe te taapiri atu ki to rarangi panui me te tuku ma to imeera tari… a ka whakamaoritia e ratou nga korero pane ki te purongo pai:

Tuatahi, ka whakamanahia taku whakamunatanga DMARC me te waitohu DKIM kia kite mena ka paahi, kaore ranei (kaore).

DKIM Information:
DKIM Signature

Message contains this DKIM Signature:
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=circupressmail.com;
	s=cpmail; t=1643110423;
	bh=PTOH6xOB3+wFZnnY1pLaJgtpK9n/IkEAtaO/Xc4ruZs=;
	h=Date:To:From:Reply-to:Subject:List-Unsubscribe;
	b=HKytLVgsIfXxSHVIVurLQ9taKgs6hAf/s4+H3AjqE/SJpo+tamzS9AQVv3YOq1Nt/
	 o1mMOkAJN4HTt8JXDxobe6rJCia9bU1o7ygGEBY+dIIzAyURLBLo5RzyM+hI/X1BGc
	 jeA93dVXA+clBjIuHAM9t9LGxSri7B5ka/vNG3n8=


Signature Information:
v= Version:         1
a= Algorithm:       rsa-sha256
c= Method:          relaxed/relaxed
d= Domain:          circupressmail.com
s= Selector:        cpmail
q= Protocol:        
bh=                 PTOH6xOB3+wFZnnY1pLaJgtpK9n/IkEAtaO/Xc4ruZs=
h= Signed Headers:  Date:To:From:Reply-to:Subject:List-Unsubscribe
b= Data:            HKytLVgsIfXxSHVIVurLQ9taKgs6hAf/s4+H3AjqE/SJpo+tamzS9AQVv3YOq1Nt/
	 o1mMOkAJN4HTt8JXDxobe6rJCia9bU1o7ygGEBY+dIIzAyURLBLo5RzyM+hI/X1BGc
	 jeA93dVXA+clBjIuHAM9t9LGxSri7B5ka/vNG3n8=
Public Key DNS Lookup

Building DNS Query for cpmail._domainkey.circupressmail.com
Retrieved this publickey from DNS: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC+D53OskK3EM/9R9TrX0l67Us4wBiErHungTAEu7DEQCz7YlWSDA+zrMGumErsBac70ObfdsCaMspmSco82MZmoXEf9kPmlNiqw99Q6tknblJnY3mpUBxFkEX6l0O8/+1qZSM2d/VJ8nQvCDUNEs/hJEGyta/ps5655ElohkbiawIDAQAB
Validating Signature

result = fail
Details: body has been altered

Na, ka titiro ake i taku rekoata SPF kia kite mena ka paahi (ka eke):

SPF Information:
Using this information that I obtained from the headers

Helo Address = us1.circupressmail.com
From Address = info@martech.zone
From IP      = 74.207.235.122
SPF Record Lookup

Looking up TXT SPF record for martech.zone
Found the following namesevers for martech.zone: ns57.domaincontrol.com ns58.domaincontrol.com
Retrieved this SPF Record: zone updated 20210630 (TTL = 600)
using authoritative server (ns57.domaincontrol.com) directly for SPF Check
Result: pass (Mechanism 'include:circupressmail.com' matched)

Result code: pass
Local Explanation: martech.zone: Sender is authorized to use 'info@martech.zone' in 'mfrom' identity (mechanism 'include:circupressmail.com' matched)
spf_header = Received-SPF: pass (martech.zone: Sender is authorized to use 'info@martech.zone' in 'mfrom' identity (mechanism 'include:circupressmail.com' matched)) receiver=ip-172-31-60-105.ec2.internal; identity=mailfrom; envelope-from="info@martech.zone"; helo=us1.circupressmail.com; client-ip=74.207.235.122

Ko te mea whakamutunga, he maarama ki ahau mo te karere ake, me te mea ka tohuhia e te ihirangi etahi taputapu rapu SPAM, ka tirohia mena kei roto ahau i nga rarangi pango, ka korero mai ki a au mehemea ka tukuna atu ki te kōpaki paraurehe:

SpamAssassin Score: -4.787
Message is NOT marked as spam
Points breakdown: 
-5.0 RCVD_IN_DNSWL_HI       RBL: Sender listed at https://www.dnswl.org/,
                            high trust
                            [74.207.235.122 listed in list.dnswl.org]
 0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
 0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or
                            identical to background
 0.0 HTML_MESSAGE           BODY: HTML included in message
 0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not necessarily
                            valid
 0.0 T_KAM_HTML_FONT_INVALID Test for Invalidly Named or Formatted
                            Colors in HTML
 0.1 DKIM_INVALID           DKIM or DK signature exists, but is not valid

Kia mohio koe ki te whakamatautau i nga ESP, ratonga karere tuatoru ranei e tukuna ana e to kamupene he imeera hei whakarite kia tika te tatūnga o to Motuhēhēnga Īmēra!

Whakamatauhia to imeera me te Kaitautoko DKIM

Whakaaturanga: Kei te whakamahi ahau i taku hononga hono mo Mokowāmahi Google i roto i tenei tuhinga.