Isso é incrivelmente frustrante. Meus e-mails do Amazon SES estão terminando nas pastas Yahoo e Hotmail Spam, mesmo que meu SPF, SenderID e DKIM estejam configurados corretamente. Como este site em particular exige que os usuários confirmem seus endereços de e-mail, estou perdendo mais de 50% dos novos registros desde o uso do Amazon SES e preciso resolver isso com urgência.
Aqui estão meus registros SPF e SenderID (eles incluem serviços de email do Google, Rackspace e Amazon):
v=spf1 include:_spf.google.com include:emailsrvr.com include:amazonses.com ~all
spf2.0/pra include:_spf.google.com include:emailsrvr.com include:amazonses.com ~all
Eu hospedo esse domínio específico com o GoDaddy e parece que você NÃO precisa usar aspas (") para cercar os registros SPF e SenderID. (De fato, quando tentei com aspas, nem as ferramentas Kitterman nem as ferramentas MXtoolbox conseguiram encontrar o SPF registros e, quando removi as cotações, ambos foram localizados pelos dois serviços.)
No entanto, mesmo que eu estou usando os registros SPF e SenderId como recomendado pela Amazon si, eu mandei um teste e-mail para a autenticação do Port25 verificador serviço , e embora DKIM passou, parece que ambos os registos SPF e SenderId tem permerrors , e ele parece que esses erros estão no fim da Amazon por ter "vários registros" (a ferramenta Kitterman falha com o mesmo motivo "Resultados - Erro permanente no PermError SPF: foram encontrados dois ou mais registros TXT spf do tipo."). Aqui estão os resultados do serviço do Port25:
This message is an automatic response from Port25's authentication verifier service at verifier.port25.com. The service allows email senders to perform a simple check of various sender authentication mechanisms. It is provided free of charge, in the hope that it is useful to the email community. While it is not officially supported, we welcome any feedback you may have at <[email protected]>.
This message is an automatic response from Port25's authentication verifier
service at verifier.port25.com. The service allows email senders to perform
a simple check of various sender authentication mechanisms. It is provided
free of charge, in the hope that it is useful to the email community. While
it is not officially supported, we welcome any feedback you may have at
<[email protected]>.
Thank you for using the verifier,
The Port25 Solutions, Inc. team
==========================================================
Summary of Results
==========================================================
SPF check: permerror
DomainKeys check: neutral
DKIM check: pass
Sender-ID check: permerror
SpamAssassin check: ham
==========================================================
Details:
==========================================================
HELO hostname: a192-142.smtp-out.amazonses.com
Source IP: 199.255.192.142
mail-from: [email protected]
----------------------------------------------------------
SPF check details:
----------------------------------------------------------
Result: permerror (multiple SPF records)
ID(s) verified: [email protected]
DNS record(s):
amazonses.com. SPF (no records)
amazonses.com. 900 IN TXT "v=spf1 ip4:199.255.192.0/22 ip4:199.127.232.0/22 ~all"
amazonses.com. 900 IN TXT "spf2.0/pra ip4:199.255.192.0/22 ip4:199.127.232.0/22 ~all"
amazonses.com. 900 IN TXT "v=spf1 ip4:199.255.192.0/22 ip4:199.127.232.0/22 54.240.0.0/18 ~all"
amazonses.com. 900 IN TXT "spf2.0/pra ip4:199.255.192.0/22 ip4:199.127.232.0/22 54.240.0.0/18 ~all"
amazonses.com. 900 IN TXT "mailru-verification: 71asdf5de908d6ed"
----------------------------------------------------------
DomainKeys check details:
----------------------------------------------------------
Result: neutral (message not signed)
ID(s) verified: [email protected]
DNS record(s):
----------------------------------------------------------
DKIM check details:
----------------------------------------------------------
Result: pass (matches From: [email protected])
NOTE: DKIM checking has been performed based on the latest DKIM specs
(RFC 4871 or draft-ietf-dkim-base-10) and verification may fail for
older versions. If you are using Port25's PowerMTA, you need to use
version 3.2r11 or later to get a compatible version of DKIM.
----------------------------------------------------------
Sender-ID check details:
----------------------------------------------------------
Result: permerror (multiple SPF records with 'pra' scope)
ID(s) verified: [email protected]
DNS record(s):
_spf.google.com. SPF (no records)
_spf.google.com. 300 IN TXT "v=spf1 ip4:216.239.32.0/19 ip4:64.233.160.0/19 ip4:66.249.80.0/20 ip4:72.14.192.0/18 ip4:209.85.128.0/17 ip4:66.102.0.0/20 ip4:74.125.0.0/16 ip4:64.18.0.0/20 ip4:207.126.144.0/20 ip4:173.194.0.0/16 ?all"
emailsrvr.com. SPF (no records)
emailsrvr.com. 28800 IN TXT "v=spf1 ip4:207.97.245.0/24 ip4:207.97.227.208/28 ip4:67.192.241.0/24 ip4:98.129.184.0/23 ip4:72.4.117.0/27 ip4:72.32.49.0/24 ip4:72.32.252.0/24 ip4:72.32.253.0/24 ip4:207.97.200.40 ip4:173.203.2.0/25 ip4:173.203.6.0/23 ip4:50.57.0.0/27 ~all"
amazonses.com. SPF (no records)
amazonses.com. 900 IN TXT "v=spf1 ip4:199.255.192.0/22 ip4:199.127.232.0/22 ~all"
amazonses.com. 900 IN TXT "spf2.0/pra ip4:199.255.192.0/22 ip4:199.127.232.0/22 ~all"
amazonses.com. 900 IN TXT "v=spf1 ip4:199.255.192.0/22 ip4:199.127.232.0/22 54.240.0.0/18 ~all"
amazonses.com. 900 IN TXT "spf2.0/pra ip4:199.255.192.0/22 ip4:199.127.232.0/22 54.240.0.0/18 ~all"
amazonses.com. 900 IN TXT "mailru-verification: 71asdf5de908d6ed"
----------------------------------------------------------
SpamAssassin check details:
----------------------------------------------------------
SpamAssassin v3.3.1 (2010-03-16)
Result: ham (-2.7 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.0 SINGLE_HEADER_2K A single header contains 2K-3K characters
-0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at http://www.dnswl.org/, low
trust
[199.255.192.142 listed in list.dnswl.org]
-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay
domain
-1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%
[score: 0.0000]
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
==========================================================
Explanation of the possible results (from RFC 5451)
==========================================================
SPF and Sender-ID Results
=========================
"none"
No policy records were published at the sender's DNS domain.
"neutral"
The sender's ADMD has asserted that it cannot or does not
want to assert whether or not the sending IP address is authorized
to send mail using the sender's DNS domain.
"pass"
The client is authorized by the sender's ADMD to inject or
relay mail on behalf of the sender's DNS domain.
"policy"
The client is authorized to inject or relay mail on behalf
of the sender's DNS domain according to the authentication
method's algorithm, but local policy dictates that the result is
unacceptable.
"fail"
This client is explicitly not authorized to inject or
relay mail using the sender's DNS domain.
"softfail"
The sender's ADMD believes the client was not authorized
to inject or relay mail using the sender's DNS domain, but is
unwilling to make a strong assertion to that effect.
"temperror"
The message could not be verified due to some error that
is likely transient in nature, such as a temporary inability to
retrieve a policy record from DNS. A later attempt may produce a
final result.
"permerror"
The message could not be verified due to some error that
is unrecoverable, such as a required header field being absent or
a syntax error in a retrieved DNS TXT record. A later attempt is
unlikely to produce a final result.
DKIM and DomainKeys Results
===========================
"none"
The message was not signed.
"pass"
The message was signed, the signature or signatures were
acceptable to the verifier, and the signature(s) passed
verification tests.
"fail"
The message was signed and the signature or signatures were
acceptable to the verifier, but they failed the verification
test(s).
"policy"
The message was signed but the signature or signatures were
not acceptable to the verifier.
"neutral"
The message was signed but the signature or signatures
contained syntax errors or were not otherwise able to be
processed. This result SHOULD also be used for other
failures not covered elsewhere in this list.
"temperror"
The message could not be verified due to some error that
is likely transient in nature, such as a temporary inability
to retrieve a public key. A later attempt may produce a
final result.
"permerror"
The message could not be verified due to some error that
is unrecoverable, such as a required header field being
absent. A later attempt is unlikely to produce a final result.
==========================================================
Original Email
==========================================================
Return-Path: <[email protected]>
Received: from a192-142.smtp-out.amazonses.com (199.255.192.142) by verifier.port25.com id asdf for <[email protected]>; Sat, 1 Sep 2012 09:24:25 -0400 (envelope-from <[email protected]>)
Authentication-Results: verifier.port25.com; spf=permerror (multiple SPF records) [email protected]
Authentication-Results: verifier.port25.com; domainkeys=neutral (message not signed) [email protected]
Authentication-Results: verifier.port25.com; dkim=pass (matches From: [email protected]) header.d=mysite.com
Authentication-Results: verifier.port25.com; sender-id=permerror (multiple SPF records with 'pra' scope) [email protected]
Return-Path: [email protected]
Message-ID: <[email protected]>
Date: Sat, 1 Sep 2012 13:24:08 +0000
Subject: Confirm your E-mail
From: "[email protected]" <[email protected]>
To: [email protected]
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-SES-Outgoing: 199.255.192.142
Hello testuser,
Confirm your e-mail by clicking this li=
nk:
http://mysite.com/confirmemail/aaasdf7798e
If you ar=
e having problems confirming, enter the code below.
Code: aaasdf7798e
Thanks!
The mysite.com Team
O que posso fazer para corrigir esse problema urgente para que meus e-mails via Amazon SES passem pelo SPF e pelo SenderID e acabem nas caixas de entrada dos usuários do Yahoo e Hotmail? Eu tentei absolutamente tudo e nada parece funcionar. Obrigado.
fonte
Respostas:
Esta ferramenta está correta, um domínio só pode ter um registro TXT / SPF.
Não há como corrigir isso corretamente, você precisa entrar em contato com a Amazon para corrigir seus registros.
Eles precisam ser mesclados (e similares para o
v=spf2
):Observe que a
54.240.0.0/18
peça também está errada, deve estarip4:54.240.0.0/18
.Obviamente, você pode remover
include:amazonses.com
e adicionar os intervalos de IP manualmente.Mas se esses intervalos mudarem, ele falhará novamente.
fonte
v=spf1
e 1v=spf2
permitidos 2) remover oinclude:amazonses.com
addip4:199.255.192.0/22 ip4:199.127.232.0/22 ip4:54.240.0.0/18
(note a adicionadoip4:
para a última rede, que também está faltando nos registros publicadosv=spf2
SenderID, mas parece que todo mundo usaspf2.0/pra
para iniciar o registro do SenderID. Qual a diferença, qual devo usar e como seria o início do registro SenderID? Mais uma vez obrigado, agradeço imenso.v=spf2
não existe,spf2.0/pra
está corretov=spf1 ip4:199.255.192.0/22 ip4:199.127.232.0/22 ip4:54.240.0.0/18 include:_spf.google.com include:emailsrvr.com ~all
espf2.0/pra ip4:199.255.192.0/22 ip4:199.127.232.0/22 ip4:54.240.0.0/18 include:_spf.google.com include:emailsrvr.com ~all