How To Validate That Your Email Authentication Is Set Up Correctly (DKIM, DMARC, SPF)


If you send email in any kind of volume, it's an industry where you're assumed guilty and have to prove your innocence. We work with a lot of companies, assisting them with email migration, IP warming, and deliverability issues. Most companies don't realize they have a problem at all.

The Invisible Problems of Deliverability

There are three invisible problems with email deliverability that businesses are unaware of:

  1. Permission – Email service providers (ESPs) manage the opt-in permissions… but internet service providers (ISPs) manage the gateway for the destination email address. It's a truly terrible system. You can do everything right as a business to acquire permission and email addresses, and the ISP has no idea and may block you anyway.
  2. Inbox Placement – ESPs promote high deliverability rates that are basically nonsense. An email that's routed directly to the junk folder and never seen by your email subscriber is technically delivered. To truly monitor your inbox placement, you have to use a seed list and go look at each ISP. There are services that do this.
  3. Reputation – ISPs and third-party services also maintain reputation scores for the sending IP address for your email. There are blacklists that ISPs may use to block all of your emails altogether, or you may have a poor reputation that gets you routed to the junk folder. There are a number of services you can use to monitor your IP reputation… but I'd be a little pessimistic, since many don't actually have insight into each ISP's algorithm.

Email Authentication

The best practice for mitigating inbox placement issues is to ensure that you have set up a number of DNS records that ISPs can use to look up and validate that the emails you're sending are truly sent by you and not by someone pretending to be your company. This is done through a number of standards:

  • Sender Policy Framework (SPF) – the oldest standard around, this is where you register a TXT record on your domain registration (DNS) that states which domains or IP addresses you send email from for your company. For example, I send email for Martech Zone from Google Workspace and from CircuPress (my own ESP, currently in beta). I have an SMTP plugin on my website that also sends via Google; otherwise, I would have an IP address included as well.

v=spf1 include:circupressmail.com include:_spf.google.com ~all

  • Domain-based Message Authentication, Reporting and Conformance (DMARC) – this newer standard has an encrypted key in it that can validate both my domain and the sender. Each key is produced by my sender, ensuring that emails sent by a spammer can't be spoofed. If you are using Google Workspace, here's how to set up DMARC.
  • DomainKeys Identified Mail (DKIM) – Working alongside the DMARC record, this record informs ISPs how to treat my DMARC and SPF rules as well as where to send any deliverability reports. I want ISPs to reject any messages that don't pass DKIM or SPF, and I want them to send reports to that email address.

v=DMARC1; p=reject; rua=mailto:dmarc@martech.zone; adkim=r; aspf=s;

  • Brand Indicators for Message Identification (BIMI) – the newest addition, BIMI provides a means for ISPs and their email applications to display the brand's logo within the email client. There's both an open standard as well as an encrypted standard for Gmail, where you also need an encrypted certificate. The certificates are quite expensive, so I'm not doing that yet.

v=BIMI1; l=https://martech.zone/logo.svg;a=self;
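How a receiver applies the `v=DMARC1` record shown above to a message's SPF and DKIM outcomes, as an added Python example (not code from the article or from any tool it mentions). The authentication outcomes are constructed, `bounce.martech.zone` and `mail.martech.zone` are hypothetical subdomains, and the organizational-domain shortcut is an assumption noted in the code.

```python
# Policy record as published on this page.
DMARC_RECORD = "v=DMARC1; p=reject; rua=mailto:dmarc@martech.zone; adkim=r; aspf=s;"

def parse_tags(record):
    """Split a 'tag=value; tag=value' TXT record into a dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def org_domain(domain):
    # Assumption: the organizational domain is the last two labels.
    # Production code must consult the Public Suffix List instead.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain, mode):
    """mode 's' = strict (exact match), 'r' = relaxed (same organizational domain)."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)

def evaluate_dmarc(record, from_domain, spf, dkim_signatures):
    """spf: (MAIL FROM domain, result); dkim_signatures: [(d= domain, result), ...]."""
    policy = parse_tags(record)
    if policy.get("v") != "DMARC1" or "p" not in policy:
        return {"dmarc": "none", "disposition": "none"}
    spf_ok = spf[1] == "pass" and aligned(spf[0], from_domain, policy.get("aspf", "r"))
    dkim_ok = any(result == "pass" and aligned(d, from_domain, policy.get("adkim", "r"))
                  for d, result in dkim_signatures)
    passed = spf_ok or dkim_ok  # one aligned, passing mechanism is enough
    return {"dmarc": "pass" if passed else "fail",
            "spf_aligned": spf_ok, "dkim_aligned": dkim_ok,
            "disposition": "none" if passed else policy["p"]}

if __name__ == "__main__":
    # Constructed outcomes for mail whose From: header is ...@martech.zone.
    cases = {
        "SPF pass on exact domain, DKIM fail":
            (("martech.zone", "pass"), [("circupressmail.com", "fail")]),
        "SPF pass on subdomain, DKIM pass for ESP domain":
            (("bounce.martech.zone", "pass"), [("circupressmail.com", "pass")]),
        "SPF fail, DKIM pass for own subdomain":
            (("circupressmail.com", "fail"), [("mail.martech.zone", "pass")]),
    }
    for name, (spf, dkim) in cases.items():
        print(name, "->", evaluate_dmarc(DMARC_RECORD, "martech.zone", spf, dkim))
```

The second case is the one to watch for when onboarding an ESP: SPF and DKIM both pass, yet neither identifier aligns with the From: domain, so `p=reject` applies.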

NOTE: If you need assistance setting up your email authentication, don't hesitate to reach out to my firm, Highbridge. We have a team of email marketing and deliverability experts who can assist.

How To Validate Your Email Authentication

All the source information, relay information, and validation information associated with every email is found within the message headers. If you're a deliverability expert, interpreting these is pretty easy… but if you're a novice, they're incredibly difficult. Here's what the message header looks like for our newsletter; I've grayed out some of the autoresponse emails and campaign information:

Message Header - DKIM and SPF

If you read through, you can see what my DKIM rules are, whether DMARC passes (it doesn't), and that SPF passes… but that's a lot of work. There's a much better workaround, though, and that's to use DKIMValidator. DKIMValidator provides you with an email address that you can add to your newsletter list or send to from your office email… and it translates the header information into a nice report:

First, it validates my DMARC encryption and DKIM signature to see whether or not it passes (it doesn't).

DKIM Information:
DKIM Signature

Message contains this DKIM Signature:
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=circupressmail.com;
	s=cpmail; t=1643110423;
	bh=PTOH6xOB3+wFZnnY1pLaJgtpK9n/IkEAtaO/Xc4ruZs=;
	h=Date:To:From:Reply-to:Subject:List-Unsubscribe;
	b=HKytLVgsIfXxSHVIVurLQ9taKgs6hAf/s4+H3AjqE/SJpo+tamzS9AQVv3YOq1Nt/
	 o1mMOkAJN4HTt8JXDxobe6rJCia9bU1o7ygGEBY+dIIzAyURLBLo5RzyM+hI/X1BGc
	 jeA93dVXA+clBjIuHAM9t9LGxSri7B5ka/vNG3n8=


Signature Information:
v= Version:         1
a= Algorithm:       rsa-sha256
c= Method:          relaxed/relaxed
d= Domain:          circupressmail.com
s= Selector:        cpmail
q= Protocol:        
bh=                 PTOH6xOB3+wFZnnY1pLaJgtpK9n/IkEAtaO/Xc4ruZs=
h= Signed Headers:  Date:To:From:Reply-to:Subject:List-Unsubscribe
b= Data:            HKytLVgsIfXxSHVIVurLQ9taKgs6hAf/s4+H3AjqE/SJpo+tamzS9AQVv3YOq1Nt/
	 o1mMOkAJN4HTt8JXDxobe6rJCia9bU1o7ygGEBY+dIIzAyURLBLo5RzyM+hI/X1BGc
	 jeA93dVXA+clBjIuHAM9t9LGxSri7B5ka/vNG3n8=
Public Key DNS Lookup

Building DNS Query for cpmail._domainkey.circupressmail.com
Retrieved this publickey from DNS: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC+D53OskK3EM/9R9TrX0l67Us4wBiErHungTAEu7DEQCz7YlWSDA+zrMGumErsBac70ObfdsCaMspmSco82MZmoXEf9kPmlNiqw99Q6tknblJnY3mpUBxFkEX6l0O8/+1qZSM2d/VJ8nQvCDUNEs/hJEGyta/ps5655ElohkbiawIDAQAB
Validating Signature

result = fail
Details: body has been altered
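What "body has been altered" means in the report above, as an added Python example (not DKIMValidator's code): the verifier recomputes the `bh=` body hash under the canonicalization named in `c=` and compares it with the signed value. The header tags are copied from the report; the message bodies are constructed, because the body of the tested message is not on this page.

```python
import base64
import hashlib
import re

# DKIM-Signature value from the report above; b= is left out because only the
# body hash (bh=) is checked here, not the RSA signature over the headers.
DKIM_SIGNATURE = (
    "v=1; a=rsa-sha256; c=relaxed/relaxed; d=circupressmail.com; "
    "s=cpmail; t=1643110423; bh=PTOH6xOB3+wFZnnY1pLaJgtpK9n/IkEAtaO/Xc4ruZs=; "
    "h=Date:To:From:Reply-to:Subject:List-Unsubscribe"
)

def parse_dkim_tags(value):
    """Split the tag=value list; folding whitespace inside values is dropped."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            key, val = part.split("=", 1)
            tags[key.strip()] = re.sub(r"\s+", "", val)
    return tags

def key_record_name(tags):
    """DNS name of the TXT record that holds the signer's public key."""
    return f"{tags['s']}._domainkey.{tags['d']}"

def relaxed_body(body):
    """RFC 6376 section 3.4.4: collapse runs of spaces/tabs, strip trailing
    whitespace on each line, drop trailing empty lines, end with one CRLF."""
    lines = body.replace(b"\r\n", b"\n").split(b"\n")
    lines = [re.sub(rb"[ \t]+", b" ", line).rstrip(b" ") for line in lines]
    while lines and lines[-1] == b"":
        lines.pop()
    return b"".join(line + b"\r\n" for line in lines)

def body_hash(body):
    """bh= value for a=rsa-sha256 with relaxed body canonicalization."""
    return base64.b64encode(hashlib.sha256(relaxed_body(body)).digest()).decode()

def body_matches(tags, body):
    canon = tags.get("c", "simple/simple").split("/")
    if (canon[1] if len(canon) > 1 else "simple") != "relaxed":
        raise NotImplementedError("only relaxed body canonicalization is shown")
    return body_hash(body) == tags["bh"]

if __name__ == "__main__":
    tags = parse_dkim_tags(DKIM_SIGNATURE)
    print("key lookup:", key_record_name(tags))
    # Constructed body, and the bh= a signer would have computed for it.
    signed = b"Hello  subscriber,\r\n\r\nThis week's issue.\r\n"
    constructed = dict(tags, bh=body_hash(signed))
    respaced = b"Hello subscriber,   \r\n\r\nThis week's issue.\r\n\r\n"
    with_footer = signed + b"-- \r\nAdded by a forwarding list\r\n"
    print("whitespace-only change:", body_matches(constructed, respaced))  # True
    print("footer appended:", body_matches(constructed, with_footer))      # False
```

Relaxed canonicalization absorbs whitespace changes only; anything that rewrites content after signing, such as an appended footer or rewritten tracking links, changes the hash and fails the signature.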

Then, it looks up my SPF record to see if it passes (it does):

SPF Information:
Using this information that I obtained from the headers

Helo Address = us1.circupressmail.com
From Address = info@martech.zone
From IP      = 74.207.235.122
SPF Record Lookup

Looking up TXT SPF record for martech.zone
Found the following namesevers for martech.zone: ns57.domaincontrol.com ns58.domaincontrol.com
Retrieved this SPF Record: zone updated 20210630 (TTL = 600)
using authoritative server (ns57.domaincontrol.com) directly for SPF Check
Result: pass (Mechanism 'include:circupressmail.com' matched)

Result code: pass
Local Explanation: martech.zone: Sender is authorized to use 'info@martech.zone' in 'mfrom' identity (mechanism 'include:circupressmail.com' matched)
spf_header = Received-SPF: pass (martech.zone: Sender is authorized to use 'info@martech.zone' in 'mfrom' identity (mechanism 'include:circupressmail.com' matched)) receiver=ip-172-31-60-105.ec2.internal; identity=mailfrom; envelope-from="info@martech.zone"; helo=us1.circupressmail.com; client-ip=74.207.235.122

And lastly, it gives me insight into the message itself and whether the content may flag some SPAM detection tools, checks whether I'm on any blacklists, and tells me whether or not it's recommended to be sent to the junk folder:

SpamAssassin Score: -4.787
Message is NOT marked as spam
Points breakdown: 
-5.0 RCVD_IN_DNSWL_HI       RBL: Sender listed at https://www.dnswl.org/,
                            high trust
                            [74.207.235.122 listed in list.dnswl.org]
 0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
 0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or
                            identical to background
 0.0 HTML_MESSAGE           BODY: HTML included in message
 0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not necessarily
                            valid
 0.0 T_KAM_HTML_FONT_INVALID Test for Invalidly Named or Formatted
                            Colors in HTML
 0.1 DKIM_INVALID           DKIM or DK signature exists, but is not valid

Be sure to test every ESP or third-party messaging service that your company sends email from to ensure your Email Authentication is properly set up!

Test Your Email With DKIM Validator

Disclosure: I'm using my affiliate link for Google Workspace in this article.