如何知道 SPF 配置是否有效(Amazon SES/Route53)? [英] How to know if the SPF config is working (Amazon SES/Route53)?
问题描述
我正在使用 Amazon SES 和 Route53,但对如何指定 TXT 值以包含正确的 SPF 配置感到困惑.亚马逊给了我一个 SES TXT 名称/值对,看起来像这样:
I'm using Amazon SES and Route53 and confused how I specify the TXT value to include the proper SPF config. Amazon gave me a SES TXT name/value pair which looks something like this:
Name: "_amazonses.xxx.com"
Value: "bInxJfnRbxxxxx9uFXgmxxxxxQHd08UxxxxxxsG+k="
我将此插入到我的 Route53 记录集(与 Godaddy 上的区域文件"相同).在将我的 SMTP 凭据添加到我的应用程序并让 Amazon 验证我的帐户(授予生产访问权限")后,果然可以正常工作,我可以将电子邮件从我的站点发送到各种帐户(Gmail、Yahoo、Hotmail、我的 .edu 大学)帐户).
I plugged this into my Route53 Record Set (same as "Zone file" on Godaddy). Sure enough after adding my SMTP credentials to my app and having Amazon verify my account ("grant production access"), it works and I can send email from my site to a variety of accounts (Gmail, Yahoo, Hotmail, my .edu university account).
我对 SPF 一无所知,但听说将其包含在电子邮件服务器配置中很好.通过谷歌搜索 Amazon SES,我一直看到包含流动的片段:
I know nothing about SPF but hear it is good include in one's email server configuration. By googling about Amazon SES, I keep seeing to include the flowing snippets:
"v=spf1 include:amazonses.com ~all"
"spf2.0/pra include:amazonses.com ~all"
目前,这两个片段包含在与上面那个大而丑陋的值相同的 TXT 值字段中(bInxJfnRb..."),我的电子邮件仍然可以正常发送.
Currently, these 2 snippets are included in the same TXT value field as that big, ugly value above("bInxJfnRb...") and my emails still get sent ok.
两个相关的问题:
- 将所有 3 个片段放在一个 TXT 值字段中是否适合放置这些片段?
- v=spf1 include:amazonses.com ~all"和spf2..."在什么情况下起作用?基本上,我怎么知道他们是否在做什么?
推荐答案
Tim,
我一直使用 TXT 记录来保存 SPF 和 SenderID 信息,如下所示(以下几行是 dig 的结果):
I have always used TXT records for keeping SPF and SenderID information, like follows (the lines below are the result of a dig):
mydomain.com.86400 IN TXTv=spf1 包括:amazonses.com ?all"
mydomain.com.86400 IN TXT "spf2.0/pra include:amazonses.com ?all"
mydomain.com. 86400 IN TXT "v=spf1 include:amazonses.com ?all"
mydomain.com. 86400 IN TXT "spf2.0/pra include:amazonses.com ?all"
这也是亚马逊建议您这样做的方式.
This is also how Amazon recommends you to do it.
SPF 和 SenderID 都是 ISP 用来验证从您的域发送电子邮件的服务器是否确实授权您的域这样做的机制.每当 ISP 即将转发您的电子邮件时,他们都会执行此类检查以确保它不是垃圾邮件.Amazon SES 页面上的解释是我能找到的最简洁的解释之一:
Both SPF and SenderID are mechanisms ISPs use to verify the server which sent the email as being from your domain is really authorized by your domain to do so. Whenever an ISP is about to forward your email message, they will perform this kind of checks in order to guarantee it is not a SPAM. The explanation on Amazon SES page is one of the most concise I could find:
在 Internet 上转发电子邮件流量的 ISP 非常了解垃圾邮件发送者及其活动.大多数 ISP 已采取措施来评估电子邮件是否合法.ISP 考虑的一项此类操作是电子邮件身份验证,其中发件人提供证据,证明他们是发送邮件的帐户的所有者.在某些情况下,ISP 会拒绝转发未经身份验证的电子邮件.
ISPs that forward email traffic on the Internet are well aware of spammers and their activities. Most ISPs have taken measures to evaluate whether email is legitimate. One such action that ISPs consider is email authentication, in which senders provide evidence that they are the owner of the account that they are sending from. In some cases, ISPs will refuse to forward email that is not authenticated.
如果 Gmail、Yahoo! 等提供商将您的电子邮件发送到其最终目的地,则您的 DNS 条目可能已经正确.如果您尝试删除它们并等待 DNS 设置传播一段时间,您的电子邮件很可能会开始被归类为垃圾邮件.有一些网络工具,例如这个,可以帮助您验证您的 SPF 记录.
If providers like Gmail, Yahoo!, etc, delivered your email to its final destination, your DNS entries are probably already correct. If you try to remove them and wait some time for the DNS settings to propagate, it is very likely your email will start being classified as spam. There are some web tools, like this one, which can help you validate your SPF records.
希望有帮助.
这篇关于如何知道 SPF 配置是否有效(Amazon SES/Route53)?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
