SPF通过gmail正文/在google邮局失败

Question

我正在使用第三方电子邮件发送邮件，并配置了我的域www.styleupdates.co包括从他们的SPF记录。第三方电子邮件显示我们的SPF记录正常，发送给gmail的电子邮件也显示SPF通过身体。但在谷歌的邮政工具中，我的域名邮件的SPF认证失败了。

如上图所示- DKIM是有效的，但不是SPF。

邮件-tester.com结果

我还附上了我们通过发送邮件从邮件测试器获得的结果的图像。邮件测试显示SPF和DKIM确定，但没有DMARC。其他认证看起来也不错。因此，DKIM & SPF记录确实存在于我们的域名。

以下邮件标题截图-

附加我有问题的邮件的标题

Delivered-To: reciever@gmail.com
Received: by 10.37.128.144 with SMTP id n16csp204841ybk;
Mon, 22 May 2017 03:09:59 -0700 (PDT)
X-Received: by 10.223.153.181 with SMTP id y50mr10793028wrb.41.1495447799437;
        Mon, 22 May 2017 03:09:59 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1495447799; cv=none;
        d=google.com; s=arc-20160816;
        b=jR65lEEdRaQ4M2xmeNxaCBq/c+5d1KbvQ4CSQUzdtsaZVS7ZBYFarG2b3FEsR8uINB
         5xvJy/DKVjgqfBHLSRNtAef4puwfZJwWTOXktWSf0/a9oIWx2bh3wGsyT/Yjglk7Zrq2
         TSFS7xDAAGtQsv4+jJ/pO/JMfoH5abq+YyXdS3buxZ7J6ilQwfpLKH+ayrwR/jiGl1Ec
         598e4X6H449qVOItmGrb8Dq5SFiIJWQheWYiMEEXrSTVknzlZe0E1F+k+xsEQEnnbiif
         szmml5vbYulRP/fdc6WYUP4z3yQxj3n6uMj9lDBPBqIhaOUayV2yMmp/bh3LoMsg5ZZc
         T+Ug==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-transfer-encoding:precedence:list-unsubscribe:list-id:date
         :subject:to:reply-to:from:mime-version:message-id
         :domainkey-signature:dkim-signature:arc-authentication-results;
        bh=raKzdgPcSVRNwNmew4PEt+UNx4UiRM1tL8RVngiKXV0=;
        b=k4XnFTCDquva32Z0YVVcIzV5sYuvWoyw8tDo+4g0mKxZPa+kQsXljEd3wb5bjzvmEi
         aZUBjZTQOWY/TLYpKEdzqaE8a6yP8QpxD0M52uhZA/j9GD2VaP0cLhbT68NRC1czS/3B
         F/ofJXnxoU3266eNxliLYb8qdCdCvMZwW/ml1n6+buoOvZHAzGNOLtTW9yAT5XqOZMQX
         IQ53gF7QUpvLVZL7kvLZ6uxVweSoeSiXh9Yh7JhOvTFAtnxslhiG6FVJlAXz2P1vK5vP
         LQp1AJjVk5AthpPDntyQKGSO54gK/JaoXXaZnDERqBc6iG2uTeykLZJIcCrZHbpkvBQ2
         UIcg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@styleupdates.co;
       spf=pass (google.com: domain of b8449512.aesaaghgqumaaaajkycaaaajii8aaaaakreaaaoaaahstqbzirj5@xyz.espdomain.com designates XX.XXX.233.167 as permitted sender) smtp.mailfrom=b8449512.AEsAAGhGquMAAAAJkycAAAAJiI8AAAAAKREAAAOAAAhstQBZIrj5@xyz.espdomain.com;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=styleupdates.co
Return-Path: <b8449512.AEsAAGhGquMAAAAJkycAAAAJiI8AAAAAKREAAAOAAAhstQBZIrj5@xyz.espdomain.com>
Received: from o167.p8.mailjet.com (o167.p8.mailjet.com. [XX.XXX.233.167])
        by mx.google.com with ESMTPS id g7si94075wrg.68.2017.05.22.03.09.59
        for <reciever@gmail.com>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Mon, 22 May 2017 03:09:59 -0700 (PDT)
Received-SPF: pass (google.com: domain of b8449512.aesaaghgqumaaaajkycaaaajii8aaaaakreaaaoaaahstqbzirj5@xyz.espdomain.com designates XX.XXX.233.167 as permitted sender) client-ip=XX.XXX.233.167;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@styleupdates.co;
       spf=pass (google.com: domain of b8449512.aesaaghgqumaaaajkycaaaajii8aaaaakreaaaoaaahstqbzirj5@xyz.espdomain.com designates XX.XXX.233.167 as permitted sender) smtp.mailfrom=b8449512.AEsAAGhGquMAAAAJkycAAAAJiI8AAAAAKREAAAOAAAhstQBZIrj5@xyz.espdomain.com;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=styleupdates.co
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/simple; q=dns/txt;
  d=styleupdates.co; i=only@styleupdates.co; s=mailjet;
  h=domainkey-signature:message-id:mime-version:from:reply-to:to:subject:date:list-id:list-unsubscribe:
  precedence:x-csa-complaints:x-feedback-id:x-mj-mid:content-type:content-transfer-encoding;
  bh=9ccfNUbYCGFDKDbtTKzdcPmYng0=;
  b=sh2iXOwf6u7CICMFgWSMdLN+w8iN+yzy5tYugLKxqJPiQIuLCPirfYdJZ HK855coki37OUnP0S0y6LTGZhkS5SlfnN29kmqigU9PTYzB21MWSz5MRwO74 OHmrr99eCTnWXELxZw7uzJXF63V4Z96RTRyWhXIgnuyOUQtXl9Z3cU=
DomainKey-Signature: a=rsa-sha1; c=simple; q=dns;
  d=styleupdates.co; s=mailjet;
  h=message-id:mime-version:from:reply-to:to:subject:date:list-id:list-unsubscribe:
  precedence:x-csa-complaints:x-feedback-id:x-mj-mid:content-type:content-transfer-encoding;
  b=FKzkLJqnzLlfTTA4dN0czHSIl0xWbDQ3XhfJjbPjl/fhFAqfoIfT1NK6F XlTn8zScoH6nPgXVBiWJOXbFTpPqm5gpcFjfDuvAFyY/E5c/uhPzHugP7+tH LZV/eaXjxGsgrCYfHYuVTzIB+Ak2/Xp6v0JgDokvJ7yiyV+9ra6eaM=
Message-Id: <b8449512.AEsAAGhGquMAAAAJkycAAAAJiI8AAAAAKREAAAOAAAhstQBZIrj5@mailjet.com>
MIME-Version: 1.0
From: Sender <Sender@styleupdates.co>
Reply-To: sender @styleupdates.co
To: reciever@gmail.com
Subject: interesting Subject
Date: Mon, 22 May 2017 10:10:01 +0000
List-Id: <sender.styleupdates.co.xxxx.xx>
List-Unsubscribe: <mailto:xxxxxx@xyz.espdomain.com>
Precedence: bulk
X-CSA-Complaints: whitelist-complaints@eco.de
X-Feedback-Id: XXXXXXXXX:XX
X-XX-Mid: AEsAAGhGquM XXXXXXXXX XXXXXXXXX XXXXXXXXX AAAOAAAhstQBZIrj5k16OnCF1Tvabc3vSUVRKJwAIAgU
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: quoted-printable

Answer 1

将我的域www.styleupdates.co配置为包含它们的SPF记录。

不，你没有：

$ dig www.styleupdates.co TXT

; <<>> DiG 9.10.3-P4-Debian <<>> www.styleupdates.co TXT
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 20064
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.styleupdates.co.           IN      TXT

;; AUTHORITY SECTION:
styleupdates.co.        3594    IN      SOA     dns1.registrar-servers.com. hostmaster.registrar-servers.com. 2017100300 43200 3600 604800 3601

;; Query time: 207 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Oct 05 13:21:26 AEDT 2017
;; MSG SIZE  rcvd: 121

除此之外，如果没有看到整个邮件标题，就不可能确切地说出发生了什么。

Answer 2

在您提供的标题中，Authentication-Results看起来很好。我不认为这组标题证明了你的问题？

老实说，我无法弄清楚你是如何引导你的测试来解释不同结果的。你给一堆不同的系统发了邮件。到底是怎么回事？那些电子邮件是什么样子的？从哪里，从什么地址发送的？

一般来说，如果DKIM和SPF通过，但不是DMARC，那么我首先要寻找的是域对齐。通过SPF和DKIM测试的域是否与From MIME标头中的域匹配？

清单中存在的ARC*头很有趣。我希望谷歌不会添加这些信息，除非它转发了这封电子邮件。它们的存在是为了处理当转发的电子邮件来自新服务器(破坏SPF)和/或修改了内容时出现的问题--比如邮件列表在主题标题中放置了标签，并在正文文本的底部添加了取消订阅链接(断开DKIM)。弧形是有趣的，不会伤害，但只有当接收到的邮件服务器识别它时，它才能提供帮助。

续

DMARC只识别SPF的通行证，如果它是来自报头的域。styleupdates.co的SPF记录包括spf.mailjet.com，所以在给出标题的示例中，这看起来还可以，但这就是我们所知道的传递(谷歌是这么说的)。

我想知道直接发送到mail-tester.com的IP是什么？看起来mailjet.com正在针对您的域名进行DKIM签名，谷歌很高兴它是正确的。所以你的考试中发生了什么不同的事情吗？你确定这封邮件是直接从mailjet.com发送到mail-tester.com的吗？

在mail-tester.com的结果页面中，我会点击其中一些+标记，以获得更多关于执行的DKIM、SPF和DMARC测试的信息。看起来你还可以打开更多关于收到的消息的信息吗？