Email SES Amazon berakhir di folder Spam Yahoo & Hotmail, meskipun SPF dan SenderID dan DKIM diatur dengan benar

8

Ini sangat membuat frustrasi. Email Amazon SES saya berakhir di folder Spam Yahoo & Hotmail, meskipun SPF, SenderID, dan DKIM saya sudah diatur dengan benar. Karena situs khusus ini mengharuskan pengguna untuk mengkonfirmasi alamat email mereka, saya kehilangan lebih dari 50% dari registrasi baru sejak menggunakan Amazon SES dan harus segera menyelesaikannya.

Ini catatan SPF dan SenderID saya (termasuk layanan email dari Google, Rackspace, dan Amazon):

v=spf1 include:_spf.google.com include:emailsrvr.com include:amazonses.com ~all

spf2.0/pra include:_spf.google.com include:emailsrvr.com include:amazonses.com ~all

Saya meng-host domain khusus ini dengan GoDaddy dan sepertinya Anda TIDAK perlu menggunakan tanda kutip (") untuk mengelilingi catatan SPF dan SenderID. (Sebenarnya, ketika saya mencobanya dengan tanda kutip, tidak juga Kitterman maupun MXtoolbox tidak dapat menemukan SPF catatan, dan ketika saya menghapus tanda kutip, keduanya ditemukan oleh kedua layanan.)

Namun, meskipun saya menggunakan catatan SPF dan SenderID seperti yang direkomendasikan oleh Amazon sendiri, saya mengirim tes e-mail ke layanan verifikasi otentikasi Port25 , dan meskipun DKIM berlalu, tampaknya catatan SPF dan SenderID memiliki permerror , dan itu tampaknya kesalahan itu ada di ujung Amazon karena memiliki "banyak catatan" (alat Kitterman gagal dengan alasan yang sama "Hasil - PermError SPF Kesalahan Permanen: Dua atau lebih jenis TXT spf catatan ditemukan."). Berikut adalah hasil dari layanan Port25:

This message is an automatic response from Port25's authentication verifier service at verifier.port25.com.  The service allows email senders to perform a simple check of various sender authentication mechanisms.  It is provided free of charge, in the hope that it is useful to the email community.  While it is not officially supported, we welcome any feedback you may have at <[email protected]>.

This message is an automatic response from Port25's authentication verifier
service at verifier.port25.com.  The service allows email senders to perform
a simple check of various sender authentication mechanisms.  It is provided
free of charge, in the hope that it is useful to the email community.  While
it is not officially supported, we welcome any feedback you may have at
<[email protected]>.

Thank you for using the verifier,

The Port25 Solutions, Inc. team

==========================================================
Summary of Results
==========================================================
SPF check:          permerror
DomainKeys check:   neutral
DKIM check:         pass
Sender-ID check:    permerror
SpamAssassin check: ham

==========================================================
Details:
==========================================================

HELO hostname:  a192-142.smtp-out.amazonses.com
Source IP:      199.255.192.142
mail-from:      [email protected]

----------------------------------------------------------
SPF check details:
----------------------------------------------------------
Result:         permerror (multiple SPF records)
ID(s) verified: [email protected]
DNS record(s):
   amazonses.com. SPF (no records)
   amazonses.com. 900 IN TXT "v=spf1 ip4:199.255.192.0/22 ip4:199.127.232.0/22 ~all"
   amazonses.com. 900 IN TXT "spf2.0/pra ip4:199.255.192.0/22 ip4:199.127.232.0/22 ~all"
   amazonses.com. 900 IN TXT "v=spf1 ip4:199.255.192.0/22 ip4:199.127.232.0/22 54.240.0.0/18 ~all"
   amazonses.com. 900 IN TXT "spf2.0/pra ip4:199.255.192.0/22 ip4:199.127.232.0/22 54.240.0.0/18 ~all"
   amazonses.com. 900 IN TXT "mailru-verification: 71asdf5de908d6ed"

----------------------------------------------------------
DomainKeys check details:
----------------------------------------------------------
Result:         neutral (message not signed)
ID(s) verified: [email protected]
DNS record(s):

----------------------------------------------------------
DKIM check details:
----------------------------------------------------------
Result:         pass (matches From: [email protected])    

NOTE: DKIM checking has been performed based on the latest DKIM specs
(RFC 4871 or draft-ietf-dkim-base-10) and verification may fail for
older versions.  If you are using Port25's PowerMTA, you need to use
version 3.2r11 or later to get a compatible version of DKIM.

----------------------------------------------------------
Sender-ID check details:
----------------------------------------------------------
Result:         permerror (multiple SPF records with 'pra' scope)
ID(s) verified: [email protected]
DNS record(s):      
   _spf.google.com. SPF (no records)
   _spf.google.com. 300 IN TXT "v=spf1 ip4:216.239.32.0/19 ip4:64.233.160.0/19 ip4:66.249.80.0/20 ip4:72.14.192.0/18 ip4:209.85.128.0/17 ip4:66.102.0.0/20 ip4:74.125.0.0/16 ip4:64.18.0.0/20 ip4:207.126.144.0/20 ip4:173.194.0.0/16 ?all"
   emailsrvr.com. SPF (no records)
   emailsrvr.com. 28800 IN TXT "v=spf1 ip4:207.97.245.0/24 ip4:207.97.227.208/28 ip4:67.192.241.0/24 ip4:98.129.184.0/23 ip4:72.4.117.0/27 ip4:72.32.49.0/24 ip4:72.32.252.0/24 ip4:72.32.253.0/24 ip4:207.97.200.40 ip4:173.203.2.0/25 ip4:173.203.6.0/23 ip4:50.57.0.0/27 ~all"
   amazonses.com. SPF (no records)
   amazonses.com. 900 IN TXT "v=spf1 ip4:199.255.192.0/22 ip4:199.127.232.0/22 ~all"
   amazonses.com. 900 IN TXT "spf2.0/pra ip4:199.255.192.0/22 ip4:199.127.232.0/22 ~all"
   amazonses.com. 900 IN TXT "v=spf1 ip4:199.255.192.0/22 ip4:199.127.232.0/22 54.240.0.0/18 ~all"
   amazonses.com. 900 IN TXT "spf2.0/pra ip4:199.255.192.0/22 ip4:199.127.232.0/22 54.240.0.0/18 ~all"
   amazonses.com. 900 IN TXT "mailru-verification: 71asdf5de908d6ed"

----------------------------------------------------------
SpamAssassin check details:
----------------------------------------------------------
SpamAssassin v3.3.1 (2010-03-16)

Result:         ham  (-2.7 points, 5.0 required)

pts rule name              description
---- ---------------------- --------------------------------------------------
0.0 SINGLE_HEADER_2K       A single header contains 2K-3K characters
-0.7 RCVD_IN_DNSWL_LOW      RBL: Sender listed at http://www.dnswl.org/, low
                           trust
                           [199.255.192.142 listed in list.dnswl.org]
-0.0 T_RP_MATCHES_RCVD      Envelope sender domain matches handover relay
                           domain
-1.9 BAYES_00               BODY: Bayes spam probability is 0 to 1%
                           [score: 0.0000]
-0.1 DKIM_VALID_AU          Message has a valid DKIM or DK signature from author's
                           domain
0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID             Message has at least one valid DKIM or DK signature

==========================================================
Explanation of the possible results (from RFC 5451)
==========================================================

SPF and Sender-ID Results
=========================

"none"
     No policy records were published at the sender's DNS domain.

"neutral"
     The sender's ADMD has asserted that it cannot or does not
     want to assert whether or not the sending IP address is authorized
     to send mail using the sender's DNS domain.

"pass"
     The client is authorized by the sender's ADMD to inject or
     relay mail on behalf of the sender's DNS domain.

"policy"
    The client is authorized to inject or relay mail on behalf
     of the sender's DNS domain according to the authentication
     method's algorithm, but local policy dictates that the result is
     unacceptable.

"fail"
     This client is explicitly not authorized to inject or
     relay mail using the sender's DNS domain.

"softfail"
     The sender's ADMD believes the client was not authorized
     to inject or relay mail using the sender's DNS domain, but is
     unwilling to make a strong assertion to that effect.

"temperror"
     The message could not be verified due to some error that
     is likely transient in nature, such as a temporary inability to
     retrieve a policy record from DNS.  A later attempt may produce a
     final result.

"permerror"
     The message could not be verified due to some error that
     is unrecoverable, such as a required header field being absent or
     a syntax error in a retrieved DNS TXT record.  A later attempt is
     unlikely to produce a final result.


DKIM and DomainKeys Results
===========================

"none"
     The message was not signed.

"pass"
     The message was signed, the signature or signatures were
     acceptable to the verifier, and the signature(s) passed
     verification tests.

"fail"
     The message was signed and the signature or signatures were
     acceptable to the verifier, but they failed the verification
     test(s).

"policy"
     The message was signed but the signature or signatures were
     not acceptable to the verifier.

"neutral"
     The message was signed but the signature or signatures
     contained syntax errors or were not otherwise able to be
     processed.  This result SHOULD also be used for other
     failures not covered elsewhere in this list.

"temperror"
     The message could not be verified due to some error that
     is likely transient in nature, such as a temporary inability
     to retrieve a public key.  A later attempt may produce a
     final result.

"permerror"
     The message could not be verified due to some error that
     is unrecoverable, such as a required header field being
     absent. A later attempt is unlikely to produce a final result.


==========================================================
Original Email
==========================================================

Return-Path: <[email protected]>
Received: from a192-142.smtp-out.amazonses.com (199.255.192.142) by verifier.port25.com id asdf for <[email protected]>; Sat, 1 Sep 2012 09:24:25 -0400 (envelope-from <[email protected]>)
Authentication-Results: verifier.port25.com; spf=permerror (multiple SPF records) [email protected]
Authentication-Results: verifier.port25.com; domainkeys=neutral (message not signed) [email protected]
Authentication-Results: verifier.port25.com; dkim=pass (matches From: [email protected]) header.d=mysite.com
Authentication-Results: verifier.port25.com; sender-id=permerror (multiple SPF records with 'pra' scope) [email protected]    
Return-Path: [email protected]
Message-ID: <[email protected]>
Date: Sat, 1 Sep 2012 13:24:08 +0000
Subject: Confirm your E-mail
From: "[email protected]" <[email protected]>
To: [email protected]
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-SES-Outgoing: 199.255.192.142

Hello testuser,

Confirm your e-mail by clicking this li=
nk:

http://mysite.com/confirmemail/aaasdf7798e

If you ar=
e having problems confirming, enter the code below.

Code: aaasdf7798e

Thanks!
The mysite.com Team

Apa yang bisa saya lakukan untuk memperbaiki masalah mendesak ini sehingga email saya melalui Amazon SES lulus SPF dan SenderID dan berakhir di Kotak Masuk pengguna Yahoo dan Hotmail saya? Saya sudah mencoba segalanya dan sepertinya tidak ada yang berhasil. Terima kasih.

ProgrammerGirl
sumber
3
Untuk referensi di masa mendatang, mengapa pertanyaan ini dibatalkan dua kali? Terima kasih.
ProgrammerGirl

Jawaban:

3

Alat ini benar, domain hanya diperbolehkan memiliki satu catatan TXT / SPF.
Tidak ada cara untuk memperbaikinya dengan benar, Anda harus menghubungi Amazon untuk memperbaiki catatan mereka.

Ini perlu digabung (dan serupa untuk v=spf2):

   amazonses.com. 900 IN TXT "v=spf1 ip4:199.255.192.0/22 ip4:199.127.232.0/22 ~all"  
   amazonses.com. 900 IN TXT "v=spf1 ip4:199.255.192.0/22 ip4:199.127.232.0/22 54.240.0.0/18 ~all"  

Perhatikan bahwa 54.240.0.0/18bagian itu juga salah, seharusnyaip4:54.240.0.0/18 .

Tentu saja Anda dapat menghapus include:amazonses.comdan menambahkan rentang IP secara manual.
Tetapi jika rentang itu berubah, itu akan gagal lagi.

pemalsu
sumber
Terima kasih telah mengonfirmasi kecurigaan saya bahwa masalahnya ada di ujung Amazon. Dua pertanyaan cepat: 1) Jika suatu domain hanya diperbolehkan memiliki satu catatan TXT / SPF, lalu bagaimana ia dapat memiliki catatan SPF standar dan SenderID? 2) Bagaimana saya bisa menambahkan rentang IP secara manual ke SPF dan SenderID sampai Amazon memperbaikinya? Terima kasih!
ProgrammerGirl
1
1) yang dihitung sebagai yang berbeda, hanya 1 v=spf1dan 1 yang v=spf2diizinkan 2) menghapus include:amazonses.comadd Anda ip4:199.255.192.0/22 ip4:199.127.232.0/22 ip4:54.240.0.0/18(perhatikan tambah ip4:untuk jaringan terakhir, yang juga hilang dalam catatan yang diterbitkan
faker
Terima kasih. Saya perhatikan bahwa Anda menggunakan v=spf2untuk SenderID, namun tampaknya semua orang menggunakan spf2.0/prauntuk memulai catatan SenderID. Apa bedanya, yang mana yang harus saya gunakan, dan bagaimana tampilan awal catatan SenderID? Terima kasih sekali lagi, saya sangat menghargainya.
ProgrammerGirl
1
Maaf, Anda benar, v=spf2tidak ada, spf2.0/prabenar
faker
1
baik tidak, Anda mungkin ingin tetap menyertakan penyedia Anda yang lain, jadi: v=spf1 ip4:199.255.192.0/22 ip4:199.127.232.0/22 ip4:54.240.0.0/18 include:_spf.google.com include:emailsrvr.com ~alldanspf2.0/pra ip4:199.255.192.0/22 ip4:199.127.232.0/22 ip4:54.240.0.0/18 include:_spf.google.com include:emailsrvr.com ~all
faker 3'12