如何正确设置DNS SPF记录?

时间:2012-03-20 09:45:40

标签: smtp amazon-web-services dns amazon-ses spf

我每周都会向订阅者发送电子邮件,结果发现邮件经常会发送到用户的垃圾邮件文件夹。

我正在利用Amazon SES发送这些消息,并根据他们的指示添加了SPF记录:http://docs.amazonwebservices.com/ses/latest/DeveloperGuide/SPFSenderIDDKIM.html?r=3917

在查询我的域名的SPF记录时,我从http://www.kitterman.com/spf/validate.html获得以下回复:

SPF record lookup and validation for: mydomain.tld

SPF records are primarily published in DNS as TXT records.

The TXT records found for your domain are:


SPF records should also be published in DNS as type SPF records.
Type SPF records found for the domain are:


Checking to see if there is a valid SPF record. 

Found v=spf1 record for mydomain.tld: 
v=spf1 include:amazonses.com ?all 

evaluating...
Results - record processed without error.

The result of the test (this should be the default result of your record) was, none . The explanation returned was,

对于我的CloudFlare DNS记录,我有:

SPF  mydomain.tld   v=spf1 include:amazonses.com ?all   with automatic TTL
TXT  mydomain.tld   spf2.0/pra include:amazonses.com ?all   with automatic TTL

电子邮件是从“no-reply@mydomain.tld”和“admin@mydomain.tld”发送的。

有些用户报告看到以下消息:“错误地显示为”退回邮件“响应的邮件(系统生成的电子邮件,您可能会在发送无法传递的邮件后自动获得,例如邮件发送到无效的电子邮件地址)“

使用我目前的发送解决方案,我无法在电子邮件中添加DKIM。

如何解决此问题以改善用户的任何收据问题?

1 个答案:

答案 0 :(得分:23)

您的域名没有有效的TXT记录(请注意该测试不会返回任何记录,请参阅下面的工作示例),这是由于TXT个记录中缺少引号如所解释的那样定义在Record Types Supported中:

  

与大多数其他记录类型不同,对于TXT记录,数据字段是   基本上是自由形式,甚至可能包括空格。请注意:什么时候   输入包含空格的字符串,例如SPF记录,您必须   用双引号括起字符串;否则,个别单词会   单独引用并将记录分成多个部分。

根据Amazon SES,以下是我们目前成功用于Authenticating Your Email AddressTXT条记录(确实令人遗憾的是,它们的文档无法解决引用需求):

"v=spf1 include:amazonses.com ~all"
"spf2.0/pra include:amazonses.com ~all"

因此,这是我们域名的缩略结果,用于您一直在运行的测试:

SPF record lookup and validation for: [...]

SPF records are primarily published in DNS as TXT records.

The TXT records found for your domain are:
spf2.0/pra include:amazonses.com ~all 
v=spf1 include:amazonses.com ~all 

[...]

Checking to see if there is a valid SPF record. 

Found v=spf1 record for services.marescom.net: 
v=spf1 include:amazonses.com ~all