为什么我的邮件与我的标题不同? [英] Why is it acceptable for my mail from to be different to my from header?
问题描述
据了解,SMTP服务器将SPF验证主机名称在MAIL FROM或ENVELOPE FROM SMTP命令期间提供(我的示例来自telnet'ing到gmail-smtp-in.l.google.com:
MAIL FROM:< matt@example.com>
Gmail然后做它的事,确保我的SPF记录为example.com允许我的IP发送,但在这里似乎跌倒了,我不能只注册一个域,正确设置我的TXT和SPF记录为我的IP,然后发送?完整示例:
$ telnet gmail-smtp-in.l.google.com 25
尝试173.194.68.27。
连接到gmail-smtp-in.l.google.com
转义字符为'^]。
220 mx.google.com ESMTP m6si2285029qao.20 - gsmtp
HELO ec2-23-22-210-XXX.compute-1.amazonaws.com
250 mx.google.com在您的服务
邮件FROM:其中matt@ec2-23-22-210-XXX.compute-1.amazonaws.com>
250 2.1.0 OK m6si2285029qao.20 - gsmtp
RCPT TO:<(一个真正的Gmail地址)@ gmail.com>
250 2.1.5 OK m6si2285029qao.20 - gsmtp
DATA
354前进m6si2285029qao.20 - gsmtp
From:Litmus< hello@litmus.com>
至:< anybody@example.com>
主题:欢迎来到Litmus!
日期:2013年6月27日,星期四16:24:30 -0500
欢迎!
。
250 2.0.0 OK 1372363723 m6si2285029qao.20 - gsmtp
QUIT
221 2.0.0关闭连接m6si2285029qao.20 - gsmtp
外部主机关闭连接。
检查gmail中的标题显示:
Received-SPF:pass(google.com:matt@ec2-23-22-210-XXX.compute-1.amazonaws.com的域名的最佳猜测记录表示23.22.210。 XXX作为允许的发件人)client-ip = 23.22.210.XXX;
查看Sparrow中的消息:
我以为这一点的SPF是为了保护我的域(作为发件人)不被欺骗?但是如果发件人的SPF配置正确(不完全是困难或昂贵的 - 我只是用免费的micro ec2实例),那么它似乎不适用?
我注意到,Gmail中的4项测试中有4项将邮件放入垃圾邮件中,但我认为是因为EC2 IP的声誉?还是有一些我对于Gmail正在收拾SPF的东西?
我缺少什么?
这可能是循环的。这是因为From头无法通过描述的方式进行验证。
SPF不是以这种方式验证标题行。
您必须接受来自:行的内容,这取决于电子邮件作曲家的想法。记住,即使电子邮件地址本身是信任的,许多客户端只显示引号中的内容。在这两种情况下,他们会很容易地展示作曲家想要的作品:
From:night< day @ example。 COM>
From:day< day@example.com>
我觉得这太过分了吗?是啊。 SPF有什么可以做的吗?否。
DKIM可能是您正在寻找的,它专注于标题验证。
There's something that's always bothered me about SPF, why doesn't it validate the From header?
As I understand it, an SMTP server will SPF validate the hostname provided during the MAIL FROM or ENVELOPE FROM SMTP commands (my examples are from telnet'ing to gmail-smtp-in.l.google.com:
MAIL FROM:<matt@example.com>
Gmail then does its thing, making sure my SPF record for example.com permits my IP for sending from. But here's where it seems to fall down, couldn't I just register a domain, set up my TXT and SPF records correctly for my IP, then send? Full example:
$ telnet gmail-smtp-in.l.google.com 25
Trying 173.194.68.27...
Connected to gmail-smtp-in.l.google.com.
Escape character is '^]'.
220 mx.google.com ESMTP m6si2285029qao.20 - gsmtp
HELO ec2-23-22-210-XXX.compute-1.amazonaws.com
250 mx.google.com at your service
MAIL FROM:<matt@ec2-23-22-210-XXX.compute-1.amazonaws.com>
250 2.1.0 OK m6si2285029qao.20 - gsmtp
RCPT TO:<(a real gmail address)@gmail.com>
250 2.1.5 OK m6si2285029qao.20 - gsmtp
DATA
354 Go ahead m6si2285029qao.20 - gsmtp
From: "Litmus" <hello@litmus.com>
To: <anybody@example.com>
Subject: Welcome to Litmus!
Date: Thu, 27 June 2013 16:24:30 -0500
Welcome!
.
250 2.0.0 OK 1372363723 m6si2285029qao.20 - gsmtp
QUIT
221 2.0.0 closing connection m6si2285029qao.20 - gsmtp
Connection closed by foreign host.
Inspecting the headers from gmail reveals:
Received-SPF: pass (google.com: best guess record for domain of matt@ec2-23-22-210-XXX.compute-1.amazonaws.com designates 23.22.210.XXX as permitted sender) client-ip=23.22.210.XXX;
Looking at the message in Sparrow:
I thought the point of SPF was to help protect my domain (as a sender) from being spoofed? But if the sender has SPF correctly configured (not exactly difficult or expensive to do - I just did it with a free micro ec2 instance above) then it doesn't seem to apply?
I did notice that Gmail put my message in spam in 4 out of 5 tests I performed, but I assume that's because of the reputation of EC2 IPs? Or is there something I'm missing about SPF that Gmail is picking up on?
What am I missing?
This might sound circular. It is because the From header cannot be verified in the way you have described.
SPF is not designed to verify header lines in this way.
You have to accept the From: line for what it is, something subject to the whims of the composer of the email.
Remember, even if the email address itself was trusted, many clients display just the stuff in quotes. They would just as easily show what the composer wanted in these two cases:
From: "night" <day@example.com>
From: "day" <day@example.com>
Do I think this is too liberal? Yeah. Is there anything that SPF can do about it? No.
DKIM is probably what you are looking for, it is focused on header validation.
这篇关于为什么我的邮件与我的标题不同?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
