What is DMARC?

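Domain-based Message Authentication, Reporting and Conformance, or DMARC, is a technical standard that helps protect email senders and receivers from spam, spoofing, and phishing.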

Understanding DMARC

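Domain-based Message Authentication, Reporting and Conformance, or DMARC, is a technical standard that helps protect email senders and receivers from spam, spoofing, and phishing. DMARC allows an organization to publish a policy that defines its email authentication practices and gives receiving mail servers instructions for how to enforce it. In this edition of “DMARC Explained” you will learn what DMARC is and how it works.

Specifically, DMARC establishes a method for a domain owner to:

  • Publish its email authentication practices

  • State what actions should be taken on mail that fails authentication checks

  • Enable reporting of the actions taken on mail claiming to be from its domain

DMARC itself is not an email authentication protocol, but it builds on the key authentication standards SPF and DKIM. With them, it supplements SMTP, the basic protocol used to send email, because SMTP itself does not include any mechanism for implementing or defining email authentication policies.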

How does DMARC work?

DMARC relies on the established SPF and DKIM standards for email authentication. It also piggybacks on the well-established Domain Name System (DNS). In general terms, the process of DMARC validation works like this:

  1. A domain administrator publishes the policy defining its email authentication practices and how receiving mail servers should handle mail that violates this policy. This DMARC policy is listed as part of the domain’s overall DNS records.

  2. When an inbound mail server receives an incoming email, it uses DNS to look up the DMARC policy for the domain contained in the message’s “From” (RFC 5322) header. The inbound server then evaluates the message for three key factors:

    • Does the message’s DKIM signature validate?

    • Did the message come from IP addresses allowed by the sending domain’s SPF records?

    • Do the headers in the message show proper “domain alignment”?

  3. With this information, the server is ready to apply the sending domain’s DMARC policy to decide whether to accept, reject, or otherwise flag the email message.

  4. After using DMARC policy to determine the proper disposition for the message, the receiving mail server will report the outcome to the sending domain owner.

What is a DMARC record?

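A DMARC record is included in an organization’s DNS database. It is a specially formatted version of a standard DNS TXT record with a particular name, namely “_dmarc.mydomain.com” (note the leading underscore). A DMARC record looks something like this:

    _dmarc.mydomain.com. IN TXT "v=DMARC1\; p=none\; rua=mailto:dmarc-aggregate@mydomain.com\; ruf=mailto:dmarc-afrf@mydomain.com\; pct=100"

Reading this record from left to right, in plain terms:

  • v=DMARC1 specifies the DMARC version

  • p=none specifies the preferred treatment, or DMARC policy

  • rua=mailto:dmarc-aggregate@mydomain.com is the mailbox to which aggregate reports should be sent

  • ruf=mailto:dmarc-afrf@mydomain.com is the mailbox to which forensic reports should be sent

  • pct=100 is the percentage of mail to which the domain owner would like its policy applied

Additional configuration options are available for a domain owner to use in its DMARC policy record, but these are the basics.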
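
The tag-by-tag reading above can be automated. The following is an added example, not code from this page or from any DMARC library: it parses the record shown above and flags common mistakes. The function names and the wording of the findings are assumptions made for illustration.

```python
# Added example: parse and audit the value of a _dmarc TXT record.
VALID_POLICIES = {"none", "quarantine", "reject"}

def parse_dmarc(txt):
    """Split a DMARC record value into an ordered tag -> value dict."""
    # Zone files may write the separator as "\;"; normalise it to ";".
    txt = txt.strip().strip('"').replace("\\;", ";")
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed tag: {part!r}")
        name, value = part.split("=", 1)
        tags[name.strip().lower()] = value.strip()
    return tags

def audit_dmarc(txt):
    """Return a list of findings for a record; an empty list means none."""
    tags = parse_dmarc(txt)
    findings = []
    if next(iter(tags.items()), None) != ("v", "DMARC1"):
        findings.append("v=DMARC1 must be the first tag")
    policy = tags.get("p", "").lower()
    if policy not in VALID_POLICIES:
        findings.append("p= must be none, quarantine or reject")
    elif policy == "none":
        findings.append("p=none: failing mail is treated as if no DMARC check ran")
    pct = tags.get("pct", "100")  # pct defaults to 100 when absent
    if not (pct.isdigit() and int(pct) <= 100):
        findings.append(f"pct={pct} is not an integer from 0 to 100")
    for tag in ("rua", "ruf"):
        for uri in tags.get(tag, "").split(","):
            if uri.strip() and not uri.strip().lower().startswith("mailto:"):
                findings.append(f"{tag}: unexpected report URI {uri.strip()!r}")
    if "rua" not in tags:
        findings.append("no rua= tag: aggregate reports have nowhere to go")
    return findings

# The record shown on this page, with its zone-file "\;" escapes.
PAGE_RECORD = ("v=DMARC1\\; p=none\\; rua=mailto:dmarc-aggregate@mydomain.com\\; "
               "ruf=mailto:dmarc-afrf@mydomain.com\\; pct=100")

if __name__ == "__main__":
    print(parse_dmarc(PAGE_RECORD))
    print(audit_dmarc(PAGE_RECORD))
```

For the page's record the only finding is the p=none note, which is expected for a domain that is still in monitoring mode.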

What does DMARC domain alignment mean?

“Domain alignment” is a concept in DMARC that expands the domain validation intrinsic to SPF and DKIM. DMARC domain alignment matches a message’s “from” domain with information relevant to these other standards:

  • For SPF, the message’s From domain and its Return-Path domain must match

  • For DKIM, the message’s From domain and its DKIM d= domain must match

The alignment can be relaxed (matching base domains, but allowing different subdomains) or strict (precisely matching the entire domain). This choice is specified in the published DMARC policy of the sending domain.
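
The alignment rules above, together with steps 2 and 3 of the validation process, can be put into code. This is an added example, not code from this page: the message dictionaries are constructed, the PUBLIC_SUFFIXES set is a tiny stand-in for the real Public Suffix List, and the aspf/adkim parameters mirror the DMARC tags that select relaxed ("r") or strict ("s") alignment.

```python
# Added example: DMARC identifier alignment and the resulting pass/fail.
# Constructed, deliberately tiny stand-in for the Public Suffix List.
PUBLIC_SUFFIXES = {"com", "net", "org", "co.uk"}

def org_domain(domain):
    """Base (organizational) domain: the public suffix plus one more label."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels[-2:])  # unknown suffix: fall back to two labels

def aligned(from_domain, auth_domain, mode="r"):
    """mode "s" = strict (exact match), "r" = relaxed (same base domain)."""
    a = from_domain.lower().rstrip(".")
    b = auth_domain.lower().rstrip(".")
    return a == b if mode == "s" else org_domain(a) == org_domain(b)

def dmarc_result(msg, aspf="r", adkim="r"):
    """msg holds the From domain plus the receiver's SPF and DKIM outcomes."""
    spf_ok = msg["spf"] == "pass" and aligned(msg["from"], msg["return_path"], aspf)
    dkim_ok = msg["dkim"] == "pass" and aligned(msg["from"], msg["dkim_d"], adkim)
    # One aligned pass (SPF or DKIM) is enough for DMARC to pass.
    return "pass" if spf_ok or dkim_ok else "fail"

def requested_disposition(result, policy):
    """What the domain owner asks for; the receiver may choose otherwise."""
    return "none" if result == "pass" else policy

# Constructed messages, both claiming From: mydomain.com.
OWN_MAIL = {"from": "mydomain.com", "spf": "pass", "return_path": "bounce.mydomain.com",
            "dkim": "pass", "dkim_d": "mail.mydomain.com"}
UNALIGNED = {"from": "mydomain.com", "spf": "pass", "return_path": "mailer.example.net",
             "dkim": "pass", "dkim_d": "example.net"}

if __name__ == "__main__":
    for name, msg in (("own mail", OWN_MAIL), ("unaligned", UNALIGNED)):
        result = dmarc_result(msg)
        print(name, result, requested_disposition(result, "reject"))
    print("own mail, strict:", dmarc_result(OWN_MAIL, aspf="s", adkim="s"))
```

The second message passes SPF and DKIM on their own terms, yet fails DMARC because neither authenticated domain matches the From domain. The first message passes under relaxed alignment and fails under strict alignment because it authenticates with subdomains.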

What are DMARC p= policies?

The DMARC specification provides three choices for domain owners to use to specify their preferred treatment of mail that fails DMARC validation checks. These “p= policies” are:

  • none: treat the mail the same as it would be without any DMARC validation

  • quarantine: accept the mail but place it somewhere other than the recipient’s inbox (typically the spam folder)

  • reject: reject the message outright

Remember that the domain owner can only request, not force, enforcement of its DMARC record; it’s up to the inbound mail server to decide whether or not to honor the requested policy.

What are DMARC reports?

DMARC reports are generated by inbound mail servers as part of the DMARC validation process. There are two formats of DMARC reports:

  • Aggregate reports, which are XML documents showing statistical data about the messages received that claimed to be from a particular domain. Data reported includes authentication results and message disposition. Aggregate reports are designed to be machine-readable.

  • Forensic reports, which are individual copies of messages which failed authentication, each enclosed in a full email message using a special format called AFRF. Forensic reports can be useful both for troubleshooting a domain’s own authentication issues and for identifying malicious domains and web sites.

How does DMARC relate to SPF, DKIM, or other standards?

DKIM, SPF, and DMARC are all standards that enable different aspects of email authentication. They address complementary issues.

  • SPF allows senders to define which IP addresses are allowed to send mail for a particular domain.

  • DKIM provides an encryption key and digital signature that verifies that an email message was not faked or altered.

  • DMARC unifies the SPF and DKIM authentication mechanisms into a common framework and allows domain owners to declare how they would like email from that domain to be handled if it fails an authorization test.

Do I need DMARC?

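If you are a business that sends commercial or transactional email, you definitely need to implement one or more forms of email authentication to verify that an email really is from you or your business. Properly configuring DMARC helps receiving mail servers determine how to evaluate messages that claim to be from your domain, and it is one of the most important steps you can take to improve deliverability.

However, standards like DMARC only go so far; MessageBird and other email experts recommend implementing a DMARC email authentication policy in the context of a complete messaging strategy.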
