Email: How do phishing emails get through even when SPF and DKIM are set up on the domain?


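I am trying to understand how SPF and DKIM work (but failing).

I have a domain that uses Mailgun and has these TXT DNS records:
v=spf1 include:mailgun.org -all
v=DKIM1;k=rsa;p=**pubkey**
Mailgun then sends emails to my Gmail account.

One day I received a phishing email in Gmail, purportedly from py@hms.harvard.edu, and I was surprised to find that it was a majlovesreg.one domain. Checking the raw message shows that the email originated from WIN-ESHJO5UV0E0 (unknown [188.209.52.55]) by newsgw.dd24.net (Postfix). Yet Google's ARC-Authentication-Results show that the email passed both the SPF and DKIM checks.

Question: How did this email pass SPF? And how could it also pass DKIM?

Here is the raw email, for reference: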

Delivered-To: #####@gmail.com
Received: by 2002:a2e:6550:0:0:0:0:0 with SMTP id z77csp1970412ljb;
        Sat, 14 Sep 2019 06:12:14 -0700 (PDT)
X-Google-Smtp-Source: APXvYqyy+BjN8TgEiJWD+O7IKWD/n0532Fxhp+f+75ffu4u0JU1esXRPEme/DcG7RaYnlDiaMUW8
X-Received: by 2002:a9d:3f26:: with SMTP id m35mr46049370otc.66.1568466733949;
        Sat, 14 Sep 2019 06:12:13 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1568466733; cv=none;
        d=google.com; s=arc-20160816;
        b=KDIT95EakaPqwYj0OF6116ReXWrEwoqTDfWySmCU35uwaP1F09vv/zAsThE/ziMF9h
         iXFoXiNdBH2kGE1iGufqDyK/zm7AUsDRTLdFi5lRG3r326P2HylYdU7K6tnzwIOv/v+E
         meyuyWNVShq3nTKZEyiDBJg2pnoMrSOrNTghmnD2txnvvEmyLqiAE1MwHWI1AmedBTQ8
         xR0XS2DSsEr066m+5Iu2Yb3bjJIQNu1/8tcL6g+dy9XgQXagj3gdmKQoZKfOgK4K8b/g
         PUynWvl0on1vauSG72JfucvljjgdWuVSHAKDAepVm4EpdCEcdV41mv74Q/FQfrB1KAyh
         ZfwQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-transfer-encoding:subject:date:reply-to:to:from
         :mime-version:message-id:dkim-signature;
        bh=BsvrE3YWQDLvlA2k8W+wWmeOBtVwF3r0DTyYJGWVUkc=;
        b=aLF5hABuvBtaw58MtyXDMyjkhZiCSlp/1Hn5Cv9pHDLTvFTlwVRSCBy1B3sjQEzdiy
         LYRXcb5Ne/aii7bBxFSnkZRv5wt+csct6lGJ1BjEXL2rU3ZXF1CZQDMhS+Lge2jle8pO
         6n2eZ/9bQlWnzIgO95NG/mD0+eMJt2j43eC8JRcMYIYB480xEOENTb5Tv8isqvOnV7P6
         3cI3rctDup6kDv1jYXNkNuwSdk4f3BDfbMt5YQoJIeT3gdSI3jcC/0VCGzRb7yQ66uLL
         gfjKKpUuLnwB9CvoOdRMr7uJViLmO9rBoKn7MuRzz2wo/e5L5I7pieJrslsSQYGO7EYG
         Df2A==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@majlovesreg.one header.s=k1 header.b=IcrRZKl9;
       spf=pass (google.com: domain of bounce+120cd3.e8b324-#####=gmail.com@majlovesreg.one designates 69.72.42.1 as permitted sender) smtp.mailfrom="bounce+120cd3.e8b324-#####=gmail.com@majlovesreg.one"
Return-Path: <bounce+120cd3.e8b324-#####=gmail.com@majlovesreg.one>
Received: from m42-1.mailgun.net (m42-1.mailgun.net. [69.72.42.1])
        by mx.google.com with UTF8SMTPS id h16si3134596oie.262.2019.09.14.06.12.12
        for <#####@gmail.com>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Sat, 14 Sep 2019 06:12:13 -0700 (PDT)
Received-SPF: pass (google.com: domain of bounce+120cd3.e8b324-#####=gmail.com@majlovesreg.one designates 69.72.42.1 as permitted sender) client-ip=69.72.42.1;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@majlovesreg.one header.s=k1 header.b=IcrRZKl9;
       spf=pass (google.com: domain of bounce+120cd3.e8b324-#####=gmail.com@majlovesreg.one designates 69.72.42.1 as permitted sender) smtp.mailfrom="bounce+120cd3.e8b324-#####=gmail.com@majlovesreg.one"
DKIM-Signature: a=rsa-sha256; v=1; c=relaxed/relaxed; d=majlovesreg.one; q=dns/txt; s=k1; t=1568466733; h=Content-Transfer-Encoding: Content-Type: Subject: Date: Reply-To: To: From: MIME-Version: Message-Id; bh=BsvrE3YWQDLvlA2k8W+wWmeOBtVwF3r0DTyYJGWVUkc=; b=IcrRZKl90xBY0yfOeKwqDhszwGRipiYn+KphrsykgMkctgkr2oRQ++eHjHm49YdfeHDoq0vu 7NV0/kpVaYewb0NWBAxDu8cTC2lU1g/+HOA0d/uA+R4p4BBc24TazKfhU3p+BrtOBD6PfqIl qtjepy/cO+127GcSAg6uWxVXKUA=
X-Mailgun-Sending-Ip: 69.72.42.1
X-Mailgun-Incoming: Yes
Message-Id: <20190914131206.1.5A38D163B017E082@hms.harvard.edu>
X-Envelope-From: <py@hms.harvard.edu>
Received: from newsgw-02.dd24.net (newsgw-02.dd24.net [193.46.215.84]) by mxa.mailgun.org with ESMTP id 5d7ce726.7f54a6062110-smtp-in-n01; Sat, 14 Sep 2019 13:12:06 -0000 (UTC)
Received: from WIN-ESHJO5UV0E0 (unknown [188.209.52.55]) by newsgw.dd24.net (Postfix) with ESMTPA id 1C9095FE52 for <#####@majlovesreg.one>; Sat, 14 Sep 2019 13:11:49 +0000 (UTC)
MIME-Version: 1.0
From: Monika Majewska <py@hms.harvard.edu>
To: #####@majlovesreg.one
Reply-To: manager@azibulon-group.com
Date: 14 Sep 2019 06:12:04 -0700
Subject: New Order Inquiry
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: quoted-printable

<P>Hello,</P>
<P>We have sent several emails to you, but no response</P>
<P>Please let me know if #####@majlovesreg.one is the correct email to place =
an order</P>
<P>I'm sorry for any inconvenience, if it's not your sales email, let me kn=
ow and i won't send any more email.</P>
<P>Hope to get your response this time.</P>
<P><SPAN style=3D'FONT-SIZE: 13px; FONT-FAMILY: "Helvetica Neue", "Segoe UI=
", Helvetica, Arial, "Lucida Grande", sans-serif; WHITE-SPACE: normal; WORD=
-SPACING: 0px; TEXT-TRANSFORM: none; FLOAT: none; FONT-WEIGHT: 700; COLOR: =
rgb(29,34,40); FONT-STYLE: normal; TEXT-ALIGN: left; ORPHANS: 2; WIDOWS: 2;=
 DISPLAY: inline !important; LETTER-SPACING: normal; BACKGROUND-COLOR: rgb(=
255,255,255); TEXT-INDENT: 0px; font-variant-ligatures: normal; font-varian=
t-caps: normal; -webkit-text-stroke-width: 0px; text-decoration-style: init=
ial; text-decoration-color: initial'>Monika Majewska</SPAN></P>
<P>Sales Manager | Europe Region<BR>Azibulon Group<BR>Tel.:&nbsp; +49 901-9=
29-3401 - Ext.3<BR>Fax.: +49 901-929-3402</P>

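Odd. Perhaps the sender is also using Mailgun. While Mailgun is legitimate for you as a sender, the fact that you allow them to send mail for you via SPF and that they DKIM-sign for you suggests that Mailgun may not be separating those permissions from other Mailgun users. I suggest asking Mailgun support. I also suggest changing your SPF default mechanism to ~all and setting up a DMARC record with p=reject so that you can also enforce header matching, which would prevent this situation.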
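
The header matching mentioned in the answer is DMARC identifier alignment. The following is an added example, not part of the original post: it reads the Authentication-Results and From headers copied from the message above and compares the From: domain with the domains that SPF and DKIM actually authenticated. The helper names are hypothetical, and the organizational domain is approximated as the last two labels instead of a Public Suffix List lookup (assumption).

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Headers copied from the message quoted on this page (recipient redacted as there).
RAW = '''Authentication-Results: mx.google.com;
       dkim=pass header.i=@majlovesreg.one header.s=k1 header.b=IcrRZKl9;
       spf=pass (google.com: domain of bounce+120cd3.e8b324-#####=gmail.com@majlovesreg.one designates 69.72.42.1 as permitted sender) smtp.mailfrom="bounce+120cd3.e8b324-#####=gmail.com@majlovesreg.one"
From: Monika Majewska <py@hms.harvard.edu>
To: #####@majlovesreg.one
Subject: New Order Inquiry

(body omitted)
'''

# Property that carries the authenticated identity for each method.
IDENTITY = {"spf": r"smtp\.mailfrom", "dkim": r"header\.[di]"}

def org_domain(domain):
    """Naive organizational domain: last two labels (assumption; DMARC uses the Public Suffix List)."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def authenticated_domains(auth_results):
    """Map each method that reported 'pass' to the domain it authenticated."""
    passed = {}
    for entry in auth_results.split(";")[1:]:      # entry 0 is the authserv-id
        method = re.match(r"\s*(\w+)=pass\b", entry)
        if not method or method.group(1).lower() not in IDENTITY:
            continue
        name = method.group(1).lower()
        ident = re.search(IDENTITY[name] + r'="?(?:[^\s";@]*@)?([\w.-]+)', entry)
        if ident:
            passed[name] = ident.group(1).lower()
    return passed

def dmarc_alignment(raw_message, strict=False):
    """Compare the From: domain with the domains SPF and DKIM actually vouched for."""
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    passed = authenticated_domains(msg.get("Authentication-Results", ""))
    norm = (lambda d: d) if strict else org_domain
    aligned = {m: norm(d) == norm(from_domain) for m, d in passed.items()}
    return {"from_domain": from_domain, "authenticated": passed,
            "aligned": aligned, "dmarc_pass": any(aligned.values())}

if __name__ == "__main__":
    print(dmarc_alignment(RAW))
```

For this message both SPF and DKIM pass, but only for majlovesreg.one, so neither result is aligned with the hms.harvard.edu address shown in From:.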