使用Amazon SES和Google Apps的正确SPF记录是多少? [英] What is the correct SPF record for using both Amazon SES and Google Apps
问题描述
Google Apps表示他们希望您将波浪号〜放在它: http://support.google.com/a/bin/answer。 py?hl = en&answer = 178723 ,但大多数其他示例都有一个破折号 - 。
亚马逊想要:v = spf1 include: amazonses.com -all
Google想要:v = spf1 include:_spf.google.com〜all
$ b $ p
$ b
我们目前有这样一个组合:
TXTv = spf1 include:amazonses.com include: _spf.google.com〜all
SPFv = spf1 include:amazonses.com include:_spf.google.com〜all
1)这是否正确的SPF记录?
2)我们是否缺少任何东西,这个记录应该是完全一样的TXT& SPF DNS记录?这是我们所有的,我们没有其他的东西。
我们只从Google Apps和Amazon SES发送电子邮件,没有别的。
-
发布TXT记录:
v = spf1 include:_spf.google.com include:amazonses.com〜all
Amazon SES 文档说没有额外的一个域需要SPF配置,但事实证明,添加
包括:amazonses.com
到记录使得发件人ID 通过。即使发件人ID是考虑 已过时,一些接收者可以实现它。
如果Amazon SES是配置使用自定义MAIL-FROM子域,发布子域的另一个TXT记录:
v = spf1 include:amazonses.com〜all
设置一个自定义子域是为了更好的可交付性和客户体验而设的。例如,该域将显示在Gmail中的
mailed-by
字段中。
您可以使用 -all ,而不是〜all 。在这种情况下,从SPF记录未包含的来源发送的邮件可能会被收件人拒绝。
-
根据RFC 7208的第3.1节:
SPF记录必须作为DNS TXT(类型16)资源记录(RR)[RFC1035]发布。
< blockquote>
因此,SPF记录类型现在已经过时。
-
关于你的评论,这里有一个简单的方法测试SPF是否工作:
- 发送电子邮件至
check-auth@verifier.port25.com
从Gmail和Amazon SES测试电子邮件表单。 - 之后,搜索自动回复
SPF检查:pass
。
- 发送电子邮件至
What would be the correct SPF record to use for both Amazon SES and Google Apps together:
Google Apps says they want you to have the tilde "~" in it: http://support.google.com/a/bin/answer.py?hl=en&answer=178723, but most other examples have a dash "-" instead.
Amazon wants: "v=spf1 include:amazonses.com -all"
Google wants: "v=spf1 include:_spf.google.com ~all"
We currently have this, combining both together:
TXT "v=spf1 include:amazonses.com include:_spf.google.com ~all"
SPF "v=spf1 include:amazonses.com include:_spf.google.com ~all"
1) Is this the correct SPF record?
2) Are we missing anything, should this record be the exact same for both TXT & SPF DNS records? That is all we have, we don't have anything else.
We only send email from Google Apps and Amazon SES, nothing else.
Publish a TXT record:
"v=spf1 include:_spf.google.com include:amazonses.com ~all"
Amazon SES documentation says that no additional SPF configuration is required for a domain, but it turns out that adding
include:amazonses.com
to the record makes Sender ID pass as well. Even though Sender ID is considered obsolete, some receivers could implement it.If Amazon SES is configured to use a custom MAIL-FROM subdomain, publish another TXT record for the subdomain:
"v=spf1 include:amazonses.com ~all"
It's good to have a custom subdomain set up for better deliverability and customer experience. For example, the domain will be displayed in the
mailed-by
field in Gmail.You can use -all instead of ~all. In this case, emails sent from sources not covered in SPF record may be rejected by recipients.
According to Section 3.1 of RFC 7208:
SPF records MUST be published as a DNS TXT (type 16) Resource Record (RR) [RFC1035] only.
Thus, SPF record type is now obsolete.
Regarding your comment, here is one simple way to test whether SPF works:
- Send emails to
check-auth@verifier.port25.com
from both Gmail and Amazon SES Test Email form. - Afterwards, search the automated reply for
SPF check: pass
.
- Send emails to
这篇关于使用Amazon SES和Google Apps的正确SPF记录是多少?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!