Sida Loo Xaqiijiyo Xaqiijinta Iimaylkaaga Si Sax Ah Ayaa Loo Dejiyay (DKIM, DMRC, SPF)

Xaqiijiyaha DKIM DMRC SPF

Haddii aad direyso iimaylka nooc kasta oo mug ah, waa warshado laguu maleeyo inaad dambiile tahay oo ay tahay inaad caddeyso inaadan dambiile ahayn. Waxaan la shaqeynaa shirkado badan oo iyaga ka caawinaya socdaalka iimaylka, kulaylka IP, iyo arrimaha gaarsiinta. Shirkadaha intooda badan xitaa ma oga inay dhibaato qabaan.

Dhibaatooyinka aan muuqan ee Bixinta

Waxa jira saddex dhibaato oo aan la arki karin oo ku saabsan keenista iimaylka oo ganacsiyadu aanay ka warqabin:

  1. Ogolaashaha - Bixiyeyaasha adeegga iimaylka (gaar ahaan) maamul oggolaanshaha ka-duwanaanshaha… laakiin bixiyaha adeegga internetka (ISP) waxay maamushaa albaabka ciwaanka iimaylka loo socdo. Runtii waa nidaam aad u xun. Waxaad samayn kartaa wax kasta oo sax ah ganacsi ahaan si aad u hesho ogolaansho iyo ciwaanno iimayl, ISP-na wax fikrad ah kama haysto oo waxa laga yaabaa inay ku xannibto si kastaba.
  2. Meelaynta Sanduuqa - ESPs waxay kor u qaadaan sare samatabbixin Heerarka asal ahaan aan macno lahayn. Iimayl si toos ah loogu shubay galka junk-ka oo aan waligiis lagu arkin macaamiishaada iimaylka ayaa si farsamo ahaan loo keenay. Si aad si dhab ah ula socoto kaaga meelaynta sanduuqa, waa inaad isticmaashaa liiska abuur oo aad eegtaa ISP kasta. Waxaa jira adeegyo tan sameeya.
  3. Aqoonsiga - ISP-yada iyo adeegyada qolo saddexaad waxay sidoo kale ilaalinayaan buundooyinka sumcadda cinwaanka IP-ga ee loo soo dirayo iimaylkaaga. Waxaa jira liisaska madow oo ISP-yadu ay isticmaali karaan si ay u xannibaan dhammaan iimaylkaga gebi ahaanba, ama waxaa laga yaabaa inaad leedahay sumcad liidata taas oo kuu horseedi karta inaad gasho galka junk. Waxaa jira tiro adeegyo ah oo aad u isticmaali karto si aad ula socoto sumcadda IP-gaaga… laakiin waxaan noqon lahaa xoogaa niyad-jab ah maadaama qaar badan aysan dhab ahaantii u lahayn aragti ku saabsan algorithms-yada ISP-yada kasta.

Xaqiijinta iimaylka

Hababka ugu wanaagsan ee lagu dhimi karo arrimo kasta oo meelaynta sanduuqa ah waa in la hubiyo inaad dejisay dhowr diiwaan oo DNS ah oo ISPs ay isticmaali karaan si ay u eegaan oo ay u hubiyaan in iimayllada aad direyso ay run ahaantii adiga soo dirtay ee ma aha qof iska dhigaya inuu yahay shirkaddaada. . Tan waxaa lagu sameeyaa dhowr heerar:

  • Qaabdhismeedka Siyaasadda Dirayaasha (SPF) - heerka ugu da'da weyn agagaarka, tani waa meesha aad ka diiwaan gashan tahay diiwaanka TXT ee diiwaangelinta domainkaaga (DNS) kaas oo sheegaya domain-yada ama ciwaanka IP-ga ee aad iimaylka uga dirayso shirkaddaada. Tusaale ahaan, waxaan u soo diraa iimayl Martech Zone ka Goobta Shaqada Google iyo ka Wareeg Press (ESP-gayga hadda ku jira beta). Waxaan haystaa plugin SMTP ah boggayga si aan sidoo kale ugu diro Google-ka, haddii kale waxaan lahaan lahaa ciwaanka IP-ga oo lagu daro kan sidoo kale.

v=spf1 include:circupressmail.com include:_spf.google.com ~all

  • DomainXaqiijinta Fariinta -ku-salaysan, Ka-warbixinta iyo Ku-dhaqanka (DMRC) – Heerkan cusub waxa ku dhex jira fure sir ah oo xaqiijin kara domain-kayga iyo soo-diraha labadaba. Fure kasta waxaa soo saaray soo-dirahayga, iyada oo la hubinayo in iimayllada uu soo diro spamer-ku-sheeggu aan la qaadi karin. Haddii aad isticmaalayso Google Workspace, waa kan sida loo sameeyo DMRC.
  • DomainKeys Boostada La Aqoonsaday (DKIM- Iyadoo la kaashanaysa diiwaanka DMRC, diiwaankani wuxuu ogeysiinayaa ISPs sida loola dhaqmo DMRC iyo xeerarka SPF iyo sidoo kale meesha laga soo diro warbixin kasta oo keenista. Waxaan rabaa in ISPs ay diidaan farriimaha aan dhaafin DKIM ama SPF, waxaanan rabaa inay u soo diraan warbixinnada ciwaanka emailka.

v=DMARC1; p=reject; rua=mailto:dmarc@martech.zone; adkim=r; aspf=s;

  • Tilmaamayaasha Calaamadaha Aqoonsiga Fariinta (BIMI- Ku-darka cusub, BIMI waxay siisaa hab loogu talagalay ISP-yada iyo codsiyadooda iimaylka si ay u muujiyaan astaanta astaanta gudaha macmiilka iimaylka. Waxaa jira halbeeg furan iyo sidoo kale labadaba heerka sir ah ee Gmail halkaas oo aad sidoo kale u baahan tahay shahaado sir ah. Shahaadooyinku aad bay qaali u yihiin markaa taas weli ma samaynayo.

v=BIMI1; l=https://martech.zone/logo.svg;a=self;

FIIRO GAAR AH: Haddii aad u baahan tahay caawimaad ku saabsan samaynta mid ka mid ah xaqiijinta iimaylkaaga, ha ka welwelin inaad la xiriirto shirkaddayda Highbridge. Waxaan leenahay koox ka mid ah khubarada suuqgeynta iimaylka iyo gaarsiinta taas ayaa caawin karta.

Sida Loo Xaqiijiyo Xaqiijinta Iimaylkaaga

Dhammaan macluumaadka isha, macluumaadka gudbinta, iyo macluumaadka ansaxinta ee la xidhiidha iimayl kasta waxa laga dhex helayaa madaxda fariimaha. Haddii aad tahay khabiir wax gaarsiinta, tarjumaada kuwani aad bay u fududahay… laakiin haddii aad tahay qof ku cusub, aad ayay u adag yihiin. Waa kan sida uu u eg yahay madaxa farriinta ee warsidahayaga, Waxaan meesha ka saaray qaar ka mid ah iimayllada jawaab-celinta tooska ah iyo macluumaadka ololaha:

Madaxa Fariinta - DKIM iyo SPF

Haddii aad akhrido, waxaad arki kartaa waxa ay yihiin sharciyada DKIM, haddii DMRC ay dhaafto (ma aysan dhicin) iyo in SPF ay gudubto… laakiin taasi waa shaqo badan. Waxaa jira xalin aad uga wanaagsan, in kastoo, taasna waa in la isticmaalo DKIMValidator. DKIMValidator waxa ay ku siinaysaa ciwaanka iimaylka oo aad ku dari karto liiska warsidahaaga ama aad ku soo diri karto iimaylka xafiiskaaga…

Marka hore, waxay ansixisay sirtayda DMRC iyo saxeexa DKIM si loo arko inay dhaaftay iyo in kale (ma dhacayso).

DKIM Information:
DKIM Signature

Message contains this DKIM Signature:
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=circupressmail.com;
	s=cpmail; t=1643110423;
	bh=PTOH6xOB3+wFZnnY1pLaJgtpK9n/IkEAtaO/Xc4ruZs=;
	h=Date:To:From:Reply-to:Subject:List-Unsubscribe;
	b=HKytLVgsIfXxSHVIVurLQ9taKgs6hAf/s4+H3AjqE/SJpo+tamzS9AQVv3YOq1Nt/
	 o1mMOkAJN4HTt8JXDxobe6rJCia9bU1o7ygGEBY+dIIzAyURLBLo5RzyM+hI/X1BGc
	 jeA93dVXA+clBjIuHAM9t9LGxSri7B5ka/vNG3n8=


Signature Information:
v= Version:         1
a= Algorithm:       rsa-sha256
c= Method:          relaxed/relaxed
d= Domain:          circupressmail.com
s= Selector:        cpmail
q= Protocol:        
bh=                 PTOH6xOB3+wFZnnY1pLaJgtpK9n/IkEAtaO/Xc4ruZs=
h= Signed Headers:  Date:To:From:Reply-to:Subject:List-Unsubscribe
b= Data:            HKytLVgsIfXxSHVIVurLQ9taKgs6hAf/s4+H3AjqE/SJpo+tamzS9AQVv3YOq1Nt/
	 o1mMOkAJN4HTt8JXDxobe6rJCia9bU1o7ygGEBY+dIIzAyURLBLo5RzyM+hI/X1BGc
	 jeA93dVXA+clBjIuHAM9t9LGxSri7B5ka/vNG3n8=
Public Key DNS Lookup

Building DNS Query for cpmail._domainkey.circupressmail.com
Retrieved this publickey from DNS: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC+D53OskK3EM/9R9TrX0l67Us4wBiErHungTAEu7DEQCz7YlWSDA+zrMGumErsBac70ObfdsCaMspmSco82MZmoXEf9kPmlNiqw99Q6tknblJnY3mpUBxFkEX6l0O8/+1qZSM2d/VJ8nQvCDUNEs/hJEGyta/ps5655ElohkbiawIDAQAB
Validating Signature

result = fail
Details: body has been altered

Kadib, waxay eegaysaa diiwaankayga SPF si ay u aragto inay dhaafto (ay samayso):

SPF Information:
Using this information that I obtained from the headers

Helo Address = us1.circupressmail.com
From Address = info@martech.zone
From IP      = 74.207.235.122
SPF Record Lookup

Looking up TXT SPF record for martech.zone
Found the following namesevers for martech.zone: ns57.domaincontrol.com ns58.domaincontrol.com
Retrieved this SPF Record: zone updated 20210630 (TTL = 600)
using authoritative server (ns57.domaincontrol.com) directly for SPF Check
Result: pass (Mechanism 'include:circupressmail.com' matched)

Result code: pass
Local Explanation: martech.zone: Sender is authorized to use 'info@martech.zone' in 'mfrom' identity (mechanism 'include:circupressmail.com' matched)
spf_header = Received-SPF: pass (martech.zone: Sender is authorized to use 'info@martech.zone' in 'mfrom' identity (mechanism 'include:circupressmail.com' matched)) receiver=ip-172-31-60-105.ec2.internal; identity=mailfrom; envelope-from="info@martech.zone"; helo=us1.circupressmail.com; client-ip=74.207.235.122

Ugu dambayntii, waxa ay i siisay aragti ku saabsan fariinta lafteeda iyo in nuxurku calaamadin karo qalabka lagu ogaado xatooyada qaarkood, hubinaya in aan ku jiro liiska madow iyo in kale, waxa ay ii sheegtaa in lagu taliyey in loo diro galka junk:

SpamAssassin Score: -4.787
Message is NOT marked as spam
Points breakdown: 
-5.0 RCVD_IN_DNSWL_HI       RBL: Sender listed at https://www.dnswl.org/,
                            high trust
                            [74.207.235.122 listed in list.dnswl.org]
 0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
 0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or
                            identical to background
 0.0 HTML_MESSAGE           BODY: HTML included in message
 0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not necessarily
                            valid
 0.0 T_KAM_HTML_FONT_INVALID Test for Invalidly Named or Formatted
                            Colors in HTML
 0.1 DKIM_INVALID           DKIM or DK signature exists, but is not valid

Hubi inaad tijaabiso adeeg kasta oo ESP ama fariin dhinac saddexaad ah oo shirkaddaadu ka soo dirayso iimaylka si aad u hubiso in aqoonsigaaga iimaylka si sax ah loo habeeyey!

Ku tijaabi iimaylkaga Xaqiijiyaha DKIM

Shaacinta: Waxaan u isticmaalayaa xiriiriyaha ku xiran Goobta Shaqada Google ee maqaalkani.