AWS re:Post을(를) 사용하면 다음에 동의하게 됩니다. AWS re:Post 이용 약관
AWS re:Postre:Post

DMARC policy violation using Amazon SES

0

Hello,

I've setup everything as in getting started articles for Amazon SES, but I still getting errors like these - The messages violates the DMARC policy of ....com.

I'm using ...@....com as FROM and mail-1.....com as MAIL FROM.

Both have SPF records including - amazonses.com.

My DMARC record is - v=DMARC1; p=quarantine; rua=mailto:...@....com.

If you check one of the reports I provided below, it writes that second record failed, that IP doesn't belong to Amazon.

Could you explain why is that and how to solve it?

<?xml version="1.0" encoding="UTF-8" ?>
<feedback>
  <report_metadata>
    <org_name>google.com</org_name>
    <email>noreply-dmarc-support@google.com</email>
    <extra_contact_info>https://support.google.com/a/answer/2466580</extra_contact_info>
    <report_id>...</report_id>
    <date_range>
      <begin>...</begin>
      <end>...</end>
    </date_range>
  </report_metadata>
  <policy_published>
    <domain>....com</domain>
    <adkim>r</adkim>
    <aspf>r</aspf>
    <p>quarantine</p>
    <sp>quarantine</sp>
    <pct>100</pct>
  </policy_published>
  <record>
    <row>
      <source_ip>93.188.3.35</source_ip>
      <count>2</count>
      <policy_evaluated>
        <disposition>none</disposition>
        <dkim>pass</dkim>
        <spf>fail</spf>
      </policy_evaluated>
    </row>
    <identifiers>
      <header_from>....com</header_from>
    </identifiers>
    <auth_results>
      <dkim>
        <domain>....com</domain>
        <result>pass</result>
        <selector>...</selector>
      </dkim>
      <dkim>
        <domain>amazonses.com</domain>
        <result>pass</result>
        <selector>...</selector>
      </dkim>
      <spf>
        <domain>mail-1.....com</domain>
        <result>softfail</result>
      </spf>
    </auth_results>
  </record>
  <record>
    <row>
      <source_ip>23.251.240.4</source_ip>
      <count>1</count>
      <policy_evaluated>
        <disposition>none</disposition>
        <dkim>pass</dkim>
        <spf>pass</spf>
      </policy_evaluated>
    </row>
    <identifiers>
      <header_from>....com</header_from>
    </identifiers>
    <auth_results>
      <dkim>
        <domain>....com</domain>
        <result>pass</result>
        <selector>...</selector>
      </dkim>
      <dkim>
        <domain>amazonses.com</domain>
        <result>pass</result>
        <selector>...</selector>
      </dkim>
      <spf>
        <domain>mail-1.....com</domain>
        <result>pass</result>
      </spf>
    </auth_results>
  </record>
</feedback>
주제
프론트엔드 웹 및 모바일비즈니스 애플리케이션네트워킹 및 콘텐츠 전송AWS의 .NET
태그
아마존 심플 이메일 서비스도메인 이름 시스템(DNS)AWS의 .NET
언어
English
DevHub
질문됨 2년 전354회 조회
2개 답변
1
수락된 답변

Typically when you see DKIM passing and SPF failing, it's the result of email forwarding. DNS information suggests that 93.188.3.35 is an outgoing mail server from another organization.

DMARC leverages both SPF and DKIM, so as long as either passes, DMARC passes too. It is well known that email forwarding breaks SPF, so DKIM is there to cover that scenario.

The short answer is that you can't control whether your recipients choose to forward their email, nor can you control how forwarding email servers attempt to deliver the message in a DMARC-compatible fashion, so you can't solve this scenario.

AWS
Jesse_T
답변함 2년 전
0

Hello. If you haven't already done so, please review Complying with DMARC using Amazon SES which may help identify the issue.

profile pictureAWS
David Pallmann
답변함 2년 전
  • DevHub
    2년 전

    Hello. Thanks for the answer, but I already checked it and did how it says.

로그인하지 않았습니다. 로그인해야 답변을 게시할 수 있습니다.

좋은 답변은 질문에 명확하게 답하고 건설적인 피드백을 제공하며 질문자의 전문적인 성장을 장려합니다.

질문 답변하기에 대한 가이드라인

관련 콘텐츠