使用Amazon SES和Google Apps的正确SPF记录是多少？ [英] What is the correct SPF record for using both Amazon SES and Google Apps

问题描述

Google Apps表示他们希望您将波浪号〜放在它： http://support.google.com/a/bin/answer。 py？hl = en&answer = 178723 ，但大多数其他示例都有一个破折号 - 。

亚马逊想要：v = spf1 include： amazonses.com -all

Google想要：v = spf1 include：_spf.google.com〜all

$ b $ p
$ b

我们目前有这样一个组合：

TXTv = spf1 include：amazonses.com include： _spf.google.com〜all

SPFv = spf1 include：amazonses.com include：_spf.google.com〜all

---

1）这是否正确的SPF记录？

2）我们是否缺少任何东西，这个记录应该是完全一样的TXT& SPF DNS记录？这是我们所有的，我们没有其他的东西。

我们只从Google Apps和Amazon SES发送电子邮件，没有别的。

解决方案

1. 发布TXT记录：

    v = spf1 include：_spf.google.com include：amazonses.com〜all
     

   Amazon SES 文档说没有额外的一个域需要SPF配置，但事实证明，添加包括：amazonses.com 到记录使得发件人ID 通过。即使发件人ID是考虑 已过时，一些接收者可以实现它。

   
   
   

   如果Amazon SES是配置使用自定义MAIL-FROM子域，发布子域的另一个TXT记录：

    v = spf1 include：amazonses.com〜all
     

   设置一个自定义子域是为了更好的可交付性和客户体验而设的。例如，该域将显示在Gmail中的 mailed-by 字段中。

   
   
   

   您可以使用 -all ，而不是〜all 。在这种情况下，从SPF记录未包含的来源发送的邮件可能会被收件人拒绝。




2. 根据RFC 7208的第3.1节：

   
   

   SPF记录必须作为DNS TXT（类型16）资源记录（RR）[RFC1035]发布。

   
   < blockquote>
   
   

   因此，SPF记录类型现在已经过时。




3. 关于你的评论，这里有一个简单的方法测试SPF是否工作：

   
   
   
   
   
   • 发送电子邮件至 check-auth@verifier.port25.com 从Gmail和Amazon SES测试电子邮件表单。
   
   
   • 之后，搜索自动回复 SPF检查：pass 。
     




What would be the correct SPF record to use for both Amazon SES and Google Apps together:

Google Apps says they want you to have the tilde "~" in it: http://support.google.com/a/bin/answer.py?hl=en&answer=178723, but most other examples have a dash "-" instead.

Amazon wants: "v=spf1 include:amazonses.com -all"

Google wants: "v=spf1 include:_spf.google.com ~all"

---

We currently have this, combining both together:

TXT "v=spf1 include:amazonses.com include:_spf.google.com ~all"

SPF "v=spf1 include:amazonses.com include:_spf.google.com ~all"

---

1) Is this the correct SPF record?

2) Are we missing anything, should this record be the exact same for both TXT & SPF DNS records? That is all we have, we don't have anything else.

We only send email from Google Apps and Amazon SES, nothing else.

解决方案

1. Publish a TXT record:

   "v=spf1 include:_spf.google.com include:amazonses.com ~all"
   

   Amazon SES documentation says that no additional SPF configuration is required for a domain, but it turns out that adding include:amazonses.com to the record makes Sender ID pass as well. Even though Sender ID is considered obsolete, some receivers could implement it.

   If Amazon SES is configured to use a custom MAIL-FROM subdomain, publish another TXT record for the subdomain:

   "v=spf1 include:amazonses.com ~all"
   

   It's good to have a custom subdomain set up for better deliverability and customer experience. For example, the domain will be displayed in the mailed-by field in Gmail.

   You can use -all instead of ~all. In this case, emails sent from sources not covered in SPF record may be rejected by recipients.

2. According to Section 3.1 of RFC 7208:

   SPF records MUST be published as a DNS TXT (type 16) Resource Record (RR) [RFC1035] only.

   Thus, SPF record type is now obsolete.

3. Regarding your comment, here is one simple way to test whether SPF works:

   • Send emails to check-auth@verifier.port25.com from both Gmail and Amazon SES Test Email form.
   • Afterwards, search the automated reply for SPF check: pass.

这篇关于使用Amazon SES和Google Apps的正确SPF记录是多少？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！