如何修复DMARC配置。电邮丢弃垃圾邮件文件夹Google Apps

时间:2015-07-31 16:27:36

标签: email google-apps amazon-route53 spf dmarc

我在AWS Route53上设置了域名,我使用GoogleApps管理电子邮件帐户。我无法将邀请(Google日历/环聊)发送到其他域名。这些邀请都在SPAM框中。

我的DNS配置

$ dig -t any matheuscarino.com.br

;; ANSWER SECTION:
matheuscarino.com.br.   27  IN  A   54.88.183.99
matheuscarino.com.br.   27  IN  A   54.86.206.71
matheuscarino.com.br.   21567   IN  NS  ns-1324.awsdns-37.org.
matheuscarino.com.br.   21567   IN  NS  ns-1966.awsdns-53.co.uk.
matheuscarino.com.br.   21567   IN  NS  ns-691.awsdns-22.net.
matheuscarino.com.br.   21567   IN  NS  ns-7.awsdns-00.com.
matheuscarino.com.br.   867 IN  SOA ns-1966.awsdns-53.co.uk. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400
matheuscarino.com.br.   267 IN  MX  1 aspmx.l.google.com.
matheuscarino.com.br.   267 IN  MX  10 alt3.aspmx.l.google.com.
matheuscarino.com.br.   267 IN  MX  10 alt4.aspmx.l.google.com.
matheuscarino.com.br.   267 IN  MX  5 alt1.aspmx.l.google.com.
matheuscarino.com.br.   267 IN  MX  5 alt2.aspmx.l.google.com.
matheuscarino.com.br.   267 IN  TXT "v=spf1 include:_spf.google.com ~all"

$ dig -t TXT _dmarc.matheuscarino.com.br

;; ANSWER SECTION:
_dmarc.matheuscarino.com.br. 299 IN TXT "v=DMARC1\; p=quarantine\; pct=100\; rua=mailto:webmaster@matheuscarino.com.br"

了解消息的传递方式。

spf=pass (google.com: domain of 3J4q7VQIUDdwCSK8RFCSQA8PGLM.AMK.9PK8RFCSQ.P8KMQL8RSC.AMK.9P@calendar-server.bounces.google.com designates 2607:f8b0:4002:c07::24a as permitted sender) smtp.mail=3J4q7VQIUDdwCSK8RFCSQA8PGLM.AMK.9PK8RFCSQ.P8KMQL8RSC.AMK.9P@calendar-server.bounces.google.com;
       dkim=pass header.i=@google.com;
       dmarc=fail (p=QUARANTINE dis=QUARANTINE) header.from=matheuscarino.com.br
Received: by ykdv124 with SMTP id v124so3562561ykd.1
        for <matheus@XXXXX.com.br>; Fri, 31 Jul 2015 07:46:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20120113;

提前致谢。

1 个答案:

答案 0 :(得分:1)

因此,要使Google Apps电子邮件系统符合DMARC标准,您需要启用特定于域的DKIM。现在,您的电子邮件正在使用google.com签名进行DKIM签名,但FROM标头是matheuscarino.com.br地址。因此,DKIM签名不能用于DMARC身份验证,因为域名不一样。

对于从您的Google Apps帐户发送的大多数电子邮件,这不是问题,因为SPF身份验证与FROM标头域匹配。这些电子邮件的返回路径地址的域名为matheuscarino.com.br,您的SPF记录会对其进行身份验证。

但是,日历和环聊消息使用不同的返回路径域。因此,要对这些消息进行身份验证,您必须为您的Google Apps帐户启用DKIM。您可以在此处找到相关说明 - https://support.google.com/a/answer/174124?hl=en

相关问题
最新问题