我们已为我们的域配置了SPF,DKIM和DMARC记录,并且它们正常运行。来自Gmail,Hotmail,Yahoo的DMARC报告也证实了这一点。
然而,就在上周,我们的一位(Gmail)用户提醒我们注意从我们域名中的欺骗性电子邮件地址发送的欺诈性电子邮件。
在查看电子邮件标题后,我们意识到Gmail根本没有启动DMARC检查,并且电子邮件已落在用户的收件箱中。 Gmail之前只执行了SPF检查,因为检查是在envelop FROM头域中执行的。
电子邮件标题(标识详细信息已修改)如下所示:
Delivered-To: redacted@gmail.com
Received: by 10.28.167.23 with SMTP id q23csp326872wme;
Mon, 20 Feb 2017 23:53:04 -0800 (PST)
X-Received: by 10.36.147.1 with SMTP id y1mr22192213itd.34.1487663583976;
Mon, 20 Feb 2017 23:53:03 -0800 (PST)
Return-Path: <redacted@fraudulentdomain.net>
Received: from server2.fraudulentdomain.net (server2.fraudulentdomain.net. [144.X.Y.Z])
by mx.google.com with ESMTP id i196si19658513ioi.78.2017.02.20.23.53.03
for <redacted@gmail.com>;
Mon, 20 Feb 2017 23:53:03 -0800 (PST)
Received-SPF: pass (google.com: domain of redacted@fraudulentdomain.net designates 144.X.Y.Z as permitted sender) client-ip=144.X.Y.Z;
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of redacted@fraudulentdomain.net designates 144.X.Y.Z as permitted sender) smtp.mailfrom=redacted@fraudulentdomain.net
Received: by server2.fraudulentdomain.net (Postfix, from userid 330)
id 385716C165; Tue, 21 Feb 2017 08:53:03 +0100 (CET)
To: redacted@gmail.com
Subject: Some Subject
From: My Service <spoofed@mydomain.com>,
"MIME-Version:1.0"@server2.fraudulentdomain.net
Content-type: text/html; charset=iso-8859-1
Message-Id: <20170221075303.385716C165@server2.fraudulentdomain.net>
Date: Tue, 21 Feb 2017 08:53:03 +0100 (CET)
为什么Gmail没有启动DMARC检查并且只是执行了SPF检查?是否需要对具有2个值的Display FROM标题执行某些操作?
答案 0 :(得分:1)
这是一个错误,我向谷歌报告过,他们现在已经修好了。