SPF(发信方策略框架)记录就是在txt记录(现在也有专门的spf记录)里标明该域的邮件只能从指定的服务器发出,否则都是假冒的。现在有2个版本,spf1和spf2。不过被转发的邮件就不能通过SPF检查的。比如用163的邮箱给一个用gmail的人发邮件,对方又把自己的邮箱直接转发到了qq的邮箱上,这样就不能通过spf校验。
简单看看spf格式的txt记录:
dig -t txt google.com
google.com. 3600 IN TXT “v=spf1 include:_spf.google.com ip4:216.73.93.70/31 ip4:216.73.93.72/31 ~all”
继续
dig -t txt _spf.google.com 结果是
“v=spf1 include:_netblocks.google.com include:_netblocks2.google.com include:_netblocks3.google.com ~all”
再继续
v=spf1 ip4:216.239.32.0/19 ip4:64.233.160.0/19 ip4:66.249.80.0/20 ip4:72.14.192.0/18 ip4:209.85.128.0/17 ip4:66.102.0.0/20 ip4:74.125.0.0/16 ip4:64.18.0.0/20 ip4:207.126.144.0/20 ip4:173.194.0.0/16 ~all
v=spf1 ip6:2001:4860:4000::/36 ip6:2404:6800:4000::/36 ip6:2607:f8b0:4000::/36 ip6:2800:3f0:4000::/36 ip6:2a00:1450:4000::/36 ip6:2c0f:fb50:4000::/36 ~all
以上就是google设置的发送邮件源IP段,如果不是这些段发送的邮件,都可能是假冒的邮件。邮件系统的反垃圾处理,其实基本都会做SPF校验,比如我自己的邮箱给gmail发邮件:
Received-SPF: pass (google.com: domain of xx AT gnuers.org designates 184.105.67.102 as permitted sender) client-ip=184.105.67.102;
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of xx AT gnuers.org designates 184.105.67.102 as permitted sender) smtp.mail xx AT gnuers.org