Yadda Ake Tabbatar da Tabbatar da Imel ɗinku An saita daidai (DKIM, DMRC, SPF)

DKIM Validator DMRC SPF

Idan kana aika imel a kowane nau'i na ƙara, masana'anta ce inda aka zaci ka da laifi kuma dole ne ka tabbatar da rashin laifi. Muna aiki tare da kamfanoni da yawa waɗanda ke taimaka musu da ƙaura ta imel, ɗumamar IP, da batutuwan isarwa. Yawancin kamfanoni ba su ma gane cewa suna da matsala kwata-kwata.

Matsalolin Ganuwa na Isarwa

Akwai matsaloli uku marasa ganuwa tare da isar da imel waɗanda kasuwancin ba su sani ba:

  1. Izinin - Masu ba da sabis na imel (Esp) sarrafa izinin shiga… amma mai bada sabis na intanet (ISP) yana kula da ƙofa don adireshin imel ɗin da aka nufa. Yana da gaske m tsarin. Kuna iya yin komai daidai a matsayin kasuwanci don samun izini da adiresoshin imel, kuma ISP ba ta da masaniya kuma yana iya toshe ku ta wata hanya.
  2. Sanya Akwati - ESPs suna haɓaka babban isar da sako rates cewa su ne m m. Saƙon imel ɗin da aka tura kai tsaye zuwa babban fayil ɗin takarce kuma mai biyan kuɗin imel ɗin ku bai taɓa ganin shi ba ana isar da shi ta hanyar fasaha. Domin saka idanu da gaske saka akwatin saboxo, Dole ne ku yi amfani da jerin iri kuma ku je duba kowane ISP. Akwai ayyuka masu yin wannan.
  3. Amincewa - ISPs da sabis na ɓangare na uku kuma suna kula da ƙima don aika adireshin IP na imel ɗin ku. Akwai baƙaƙen lissafi waɗanda ISPs za su yi amfani da su don toshe duk imel ɗinku gaba ɗaya, ko kuna iya samun mummunan suna wanda zai sa ku kai ga babban fayil ɗin takarce. Akwai ayyuka da yawa da za ku iya amfani da su don saka idanu kan sunan IP ɗinku… amma zan zama ɗan rashin hankali tunda da yawa ba su da fahimi cikin kowane algorithms na ISPs.

Tabbatar da Imel

Mafi kyawun ayyuka don rage duk wata matsala ta sanya akwatin saƙo mai shiga ita ce tabbatar da cewa kun kafa adadin bayanan DNS waɗanda ISPs za su iya amfani da su don dubawa da kuma tabbatar da cewa imel ɗin da kuke aikawa da gaske kuke aikowa ba ta hanyar wani yana riya cewa kamfani ne na ku ba. . Ana yin hakan ta hanyoyi da yawa:

  • Tsarin Tsarin Sender (SPF) - mafi kyawun ma'auni a kusa, wannan shine inda kuke yin rajistar rikodin TXT akan rajistar yankinku (DNS) wanda ke bayyana menene yanki ko adiresoshin IP da kuke aika imel daga kamfanin ku. Misali, na aika imel don Martech Zone daga Wurin Aikin Google kuma daga CircuPress (ESP nawa a halin yanzu a cikin beta). Ina da plugin ɗin SMTP akan gidan yanar gizona don aikawa ta Google, in ba haka ba zan sami adireshin IP da aka haɗa akan wannan kuma.

v=spf1 include:circupressmail.com include:_spf.google.com ~all

  • domain- tushen Tabbatar da Saƙo, Rahoto da Amincewa (DMARC) - wannan sabon ma'aunin yana da maɓalli da aka rufaffen a ciki wanda zai iya inganta yankina da mai aikawa. Kowane maɓalli nawa ne ke samar da shi, yana tabbatar da cewa saƙon imel ɗin da mai saƙo ya aika ba zai iya yin ɓarna ba. Idan kana amfani da Google Workspace, ga yadda ake saita DMARC.
  • DomainKeys Gane Saƙon (DKIM) - Yin aiki tare da rikodin DMRC, wannan rikodin yana sanar da ISPs yadda za a bi da dokokin DMRC da SPF na da kuma inda zan aika kowane rahoton isarwa. Ina son ISPs su ƙi duk wani saƙon da bai wuce DKIM ko SPF ba, kuma ina so su aika da rahotanni zuwa adireshin imel ɗin.

v=DMARC1; p=reject; rua=mailto:dmarc@martech.zone; adkim=r; aspf=s;

  • Alamar Alamar Gano Saƙo (BIMI) - sabon ƙari, BIMI yana ba da hanya don ISPs da aikace-aikacen imel ɗin su don nuna alamar alamar a cikin abokin ciniki na imel. Akwai duka buɗaɗɗen ma'auni da kuma wani ma'aunin rufaffiyar ga Gmail inda kuke kuma buƙatar rufaffen satifiket. Takaddun shaida suna da tsada sosai don haka ba na yin hakan tukuna.

v=BIMI1; l=https://martech.zone/logo.svg;a=self;

NOTE: Idan kuna buƙatar taimako akan saita kowane ingantaccen imel ɗin ku, kada ku yi shakka a tuntuɓi kamfani na Highbridge. Muna da tawagar ƙwararrun tallan imel da isarwa wanda zai iya taimakawa.

Yadda Ake Tabbatar da Tabbatar da Imel ɗinku

Duk bayanan tushen, bayanan watsawa, da ingantaccen bayanin da ke da alaƙa da kowane imel ana samun su a cikin masu kai saƙon. Idan kai kwararre ne na ceto, fassarar waɗannan abu ne mai sauƙi… amma idan kai novice ne, suna da matuƙar wahala. Ga yadda taken saƙon ya yi kama da wasiƙarmu, Na yi watsi da wasu saƙon imel da bayanan yaƙin neman zaɓe:

Babban Saƙo - DKIM da SPF

Idan kun karanta ta hanyar, zaku iya ganin menene dokokin DKIM na, ko DMRC ta wuce (ba ta yi ba) kuma SPF ta wuce… amma wannan aiki ne mai yawa. Akwai mafita mafi kyau, kodayake, kuma shine a yi amfani da shi DKIMValidator. DKIMValidator yana ba ku adireshin imel wanda zaku iya ƙarawa zuwa jerin wasiƙarku ko aika ta imel ɗin ofis ɗinku… kuma suna fassara bayanin kan ku zuwa kyakkyawan rahoto:

Na farko, yana tabbatar da ɓoyayyen DMRC dina da sa hannun DKIM don ganin ko ya wuce ko a'a (ba zai yi ba).

DKIM Information:
DKIM Signature

Message contains this DKIM Signature:
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=circupressmail.com;
	s=cpmail; t=1643110423;
	bh=PTOH6xOB3+wFZnnY1pLaJgtpK9n/IkEAtaO/Xc4ruZs=;
	h=Date:To:From:Reply-to:Subject:List-Unsubscribe;
	b=HKytLVgsIfXxSHVIVurLQ9taKgs6hAf/s4+H3AjqE/SJpo+tamzS9AQVv3YOq1Nt/
	 o1mMOkAJN4HTt8JXDxobe6rJCia9bU1o7ygGEBY+dIIzAyURLBLo5RzyM+hI/X1BGc
	 jeA93dVXA+clBjIuHAM9t9LGxSri7B5ka/vNG3n8=


Signature Information:
v= Version:         1
a= Algorithm:       rsa-sha256
c= Method:          relaxed/relaxed
d= Domain:          circupressmail.com
s= Selector:        cpmail
q= Protocol:        
bh=                 PTOH6xOB3+wFZnnY1pLaJgtpK9n/IkEAtaO/Xc4ruZs=
h= Signed Headers:  Date:To:From:Reply-to:Subject:List-Unsubscribe
b= Data:            HKytLVgsIfXxSHVIVurLQ9taKgs6hAf/s4+H3AjqE/SJpo+tamzS9AQVv3YOq1Nt/
	 o1mMOkAJN4HTt8JXDxobe6rJCia9bU1o7ygGEBY+dIIzAyURLBLo5RzyM+hI/X1BGc
	 jeA93dVXA+clBjIuHAM9t9LGxSri7B5ka/vNG3n8=
Public Key DNS Lookup

Building DNS Query for cpmail._domainkey.circupressmail.com
Retrieved this publickey from DNS: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC+D53OskK3EM/9R9TrX0l67Us4wBiErHungTAEu7DEQCz7YlWSDA+zrMGumErsBac70ObfdsCaMspmSco82MZmoXEf9kPmlNiqw99Q6tknblJnY3mpUBxFkEX6l0O8/+1qZSM2d/VJ8nQvCDUNEs/hJEGyta/ps5655ElohkbiawIDAQAB
Validating Signature

result = fail
Details: body has been altered

Sannan, yana duba rikodin SPF dina don ganin ko ya wuce (yana aikata):

SPF Information:
Using this information that I obtained from the headers

Helo Address = us1.circupressmail.com
From Address = info@martech.zone
From IP      = 74.207.235.122
SPF Record Lookup

Looking up TXT SPF record for martech.zone
Found the following namesevers for martech.zone: ns57.domaincontrol.com ns58.domaincontrol.com
Retrieved this SPF Record: zone updated 20210630 (TTL = 600)
using authoritative server (ns57.domaincontrol.com) directly for SPF Check
Result: pass (Mechanism 'include:circupressmail.com' matched)

Result code: pass
Local Explanation: martech.zone: Sender is authorized to use 'info@martech.zone' in 'mfrom' identity (mechanism 'include:circupressmail.com' matched)
spf_header = Received-SPF: pass (martech.zone: Sender is authorized to use 'info@martech.zone' in 'mfrom' identity (mechanism 'include:circupressmail.com' matched)) receiver=ip-172-31-60-105.ec2.internal; identity=mailfrom; envelope-from="info@martech.zone"; helo=us1.circupressmail.com; client-ip=74.207.235.122

Kuma a ƙarshe, yana ba ni haske game da saƙon da kansa da kuma ko abubuwan da ke ciki na iya ƙaddamar da wasu kayan aikin gano SPAM, bincika don ganin ko ina cikin jerin baƙaƙe, kuma ya gaya mani ko an ba da shawarar a aika zuwa babban fayil ɗin takarce ko a'a:

SpamAssassin Score: -4.787
Message is NOT marked as spam
Points breakdown: 
-5.0 RCVD_IN_DNSWL_HI       RBL: Sender listed at https://www.dnswl.org/,
                            high trust
                            [74.207.235.122 listed in list.dnswl.org]
 0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
 0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or
                            identical to background
 0.0 HTML_MESSAGE           BODY: HTML included in message
 0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not necessarily
                            valid
 0.0 T_KAM_HTML_FONT_INVALID Test for Invalidly Named or Formatted
                            Colors in HTML
 0.1 DKIM_INVALID           DKIM or DK signature exists, but is not valid

Tabbatar gwada kowane sabis na saƙon ESP ko na ɓangare na uku waɗanda kamfanin ku ke aika imel daga gare su don tabbatar da ingantaccen saitin Imel ɗin ku!

Gwada Imel ɗinku Tare da Mai tabbatarwa DKIM

Bayyanawa: Ina amfani da hanyar haɗin alaƙata na don Wurin Aikin Google a cikin wannan labarin.