我们通过Google Apps和Klaviyo发送电子邮件 - 这是一个有点像mailchimp的工具。
我很想设置一个SPF记录,以确保它们正确地进行了身份验证。
我让我的主人去做,他们设置了两条记录:
v=spf1 include:_spf.google.com ~all v=spf1 include:send.benefacto.org ~all根据此https://support.google.com/a/answer/4568483?hl=zh-CN当您有多个SPF记录时,他们都需要包装成一个例如
v=spf1 include:send.benefacto.org include:_spf.google.com ~all这有意义吗?
We send emails both through Google Apps, and also through Klaviyo - which is a tool a bit like mailchimp.
I'm keen to set an SPF record to make sure they're being authenticated correctly.
I asked my host to do it and they set two records as:
v=spf1 include:_spf.google.com ~all v=spf1 include:send.benefacto.org ~allAccording to this https://support.google.com/a/answer/4568483?hl=en when you have multiple SPF records they all need to be wrapped into one e.g.
v=spf1 include:send.benefacto.org include:_spf.google.com ~allDoes this make sense?
最满意答案
我不会使用~all ,而是使用-all 。 如果你关心身份验证,那么你可能会失败,如果它不好。
另外我看到你正在关注Klaviyo的文档,但我只想澄清一下,你的电子邮件是否与@ send.benefacto.org的返回路径一致? 这被称为RFC5321.MailFrom。 这是用于测试SPF记录的内容。 如果它确实你很好。
您的send.benefacto.org的SPF记录应该只是。
v=spf1 include:send.benefacto.org -all你不需要包含谷歌spf,因为谷歌不使用“send.benefacto.org”,因为它是RFC5321.MailFrom
现在,对于Google,您需要修复它。 因为您有2个SPF记录: 您的Benefacto.org SPF记录
您无需将其组合,只需删除此条目即可。
v=spf1 include:send.benefacto.org ~all这将让你只是:
v=spf1 include:_spf.google.com ~all由于Klaviyo和Gmail使用不同的RFC5321.MailFrom发送 - 您不必将它们组合在一起(我试图将这一点推向家庭,您可以真正受到伤害 - 只需为ESP创建不必要的查找)
您还应该仔细检查以确保您的SPF记录通过发送电子邮件至“mailtest@unlocktheinbox.com”从两个邮件来源中实际验证
您还应该考虑设置DKIM,我认为您将能够通过宽松的对齐设置DMARC。 但是你需要对DMARC和第三方发件人小心谨慎并进行相应的测试。
I wouldn't use ~all, instead use -all. If you care about authentication, you might as well make it fail, if its bad.
Also I see that you're following Klaviyo's documentation, but I just want to clarify something, does your email go out with the return-path of @send.benefacto.org? This is referred to as the RFC5321.MailFrom. This is what's used to test your SPF record. If it does you're good.
And your SPF record for send.benefacto.org should simply be.
v=spf1 include:send.benefacto.org -allYou don't need to include the google spf, because google doesn't use "send.benefacto.org" as it's RFC5321.MailFrom
Now for Google you need to fix it. Because you have 2 SPF records located here: Your Benefacto.org SPF Records
You don't need to combine it, you just need to remove this entry.
v=spf1 include:send.benefacto.org ~allWhich will leave you with just:
v=spf1 include:_spf.google.com ~allSince Klaviyo and Gmail send with different RFC5321.MailFrom - You don't have to combine them (I'm trying to drive this point home, you can it doesn't really hurt - just creates uneccassary lookups for the ESP)
You should also double check to make sure your SPF records actually validate correctly from both mailing sources by sending an email to "mailtest@unlocktheinbox.com"
You should also look into setting up DKIM and I think you'll be able to set up DMARC with relaxed alignments. But you'll need to be a little careful with DMARC and 3rd party senders and test accordingly.
更多推荐
发布评论