Сегодняшняя сессия вопросов и ответов приходит к нам благодаря SuperUser - подразделению Stack Exchange, основанной на сообществах сайтам Q & A.
Фото любезно предоставлено Марией Еленой (Flickr).
Вопрос
Читатель SuperUser Джейк М хочет знать, как кто-то смог отправить электронную почту, используя свой личный домен:
Spammers or someone similar is sending e-mails to people using our domain name.
- The e-mails are from a user we did not create called: [email protected].
- The e-mail is to: [email protected].
- The content of the e-mail talks about a stock that is six cents but will go to fifteen cents and that people should buy it. It contains a link to Yahoo’s finance website, but I will not click it, so I am not sure if it is legitimate. We know of the e-mails because we get bounce-backs (the recipient must not exist).
What would allow someone (or a bot) to send an e-mail under our domain name? Is there anything we can do to stop this? Is this Dictionary Spamming?
Как кто-то это делает и есть ли что-нибудь, что можно сделать для смягчения ситуации?
Ответ
У участников SuperUser Paul и AFH есть ответ для нас. Сначала, Пол:
The SMTP protocol does not include any controls over the From and To fields in an e-mail. They can be whatever you like provided you have authority to send e-mails using the SMTP server.
So the short answer is nothing prevents anyone from using your domain in e-mails they send. Even normal users can put whatever e-mail address they like in their e-mail settings.
Spammers routinely use valid domain names as From addresses to avoid being blocked.
While you cannot stop someone from sending e-mails with your domain name, you can help e-mail servers around the world understand if e-mails sent from your domain name actually originated from you and are legitimate e-mails, so that any others can be discarded as spam.
SPF
One way is to use SPF. This is a record that goes into DNS and lets the Internet know what servers are permitted to send e-mails on behalf of your domain. It looks like this:
ourdomain.com.au. IN TXT “v=spf1 mx ip4:123.123.123.123 -all”
This says that the only valid sources of e-mail for ourdomain.com.au are the MX servers – the server defined as the recipient of e-mails for the domain, and another server at 123.123.123.123. E-mail from any other server should be considered spam.
Most e-mail servers will check for the presence of this DNS record and act accordingly.
DKIM
While SPF is easy to set up, DKIM takes a little more effort and should be implemented by your e-mail server administrator. If you send your e-mail via an ISP e-mail server, they will often have methods for quick setup of DKIM.
DKIM works similarly to SSL certificates. A public/private key pair is generated. The private key is known only to the e-mail server, and it will sign any outgoing e-mails.
The public key is published using DNS. So any server receiving e-mails marked as coming from your domain can check that the e-mail was signed by retrieving the public key and checking the signature in the e-mails. If no signature is present, or it is incorrect, the e-mail can be considered spam.
Вслед за ответом AFH:
An e-mail can contain any Reply-To address you choose. Some e-mail servers will send undeliverable notifications back to the Reply-To address rather than the originator. Online mail handlers like Gmail require you to validate any Reply-To address you use when composing online, but there is no such restriction when using a remote client with POP3/IMAP. And if you run your own e-mail server, you can probably also fake the From address.
Есть что добавить к объяснению? Отключить звук в комментариях. Хотите узнать больше ответов от других пользователей Windows? Посмотрите здесь полную дискуссионную тему.
