Ukuqinisekisa Kanjani Ukuqinisekiswa Kwe-imeyili Yakho Kusethelwe Ngokufanelekile I-DKIM, DMARC, SPF & BIMI
Uma uthumela noma yimaphi amavolumu abalulekile wama-imeyili wokumaketha, kungenzeka ukuthi i-imeyili yakho ayihambi ngendlela eya ebhokisini lokungenayo uma ungakalungiseleli ukuqinisekiswa kwe-imeyili yakho. Sisebenza nezinkampani eziningi ezizisiza ngokufuduka kwama-imeyili, ukufudumala kwe-IP, nezinkinga zokulethwa. Izinkampani eziningi aziboni nokuthi zinenkinga; bacabanga ukuthi ababhalisile abazibandakanyi nama-imeyili abo.
I-Phishing
Impikiswano indaba ekhulayo yama-imeyili anonya nawomgunyathi, ikakhulukazi ukuphinga ama-imeyili. Ubugebengu bokweba imininingwane ebucayi kuwukuhlasela ku-inthanethi lapho abantu noma izinhlangano zizama ukukhohlisa abantu ukuze baveze ulwazi olubucayi, olufana namagama ayimfihlo noma imininingwane yekhadi lesikweletu, ngokuzenza amabhizinisi athembekile. Lokhu kwenziwa ngokuyinhloko nge-imeyili. Umhlaseli uzothumela i-imeyili ebonakala sengathi iphuma kumthombo osemthethweni, bese ikuletha ekhasini lokubikezela okholelwa ukuthi elokungena ngemvume noma elinye ikhasi lokuqinisekisa lapho isisulu sifaka khona imininingwane yakhe siqu.
Izinkinga Ezingabonakali Zokudiliva
Kunezinkinga ezintathu ezingabonakali ngokuthunyelwa kwe-imeyili amabhizinisi angazazi:
- Imvume - Abahlinzeki besevisi ye-imeyili (Ama-ESP) phatha izimvume zokungena... kodwa umhlinzeki wesevisi ye-inthanethi (I-ISP) iphethe isango lekheli le-imeyili okuyiwa kulo. Isistimu enamaphutha ngokwemvelo eye yanda amacebo okukhwabanisa afana nobugebengu bokweba imininingwane ebucayi. Ungenza yonke into ngendlela efanele njengebhizinisi ukuze uthole imvume namakheli e-imeyili, futhi i-ISP ayinawo umqondo futhi ingase ikuvimbele noma kunjalo. Ama-ISP acabanga ukuthi ungugaxekile noma uthumela ama-imeyili anonya… ngaphandle kwalapho ubonisa okuhlukile.
- Ukubekwa Kwebhokisi Lemilayezo Engenayo - Ama-ESP ahlala ekhuthaza amanani aphezulu okulethwa angumbhedo. I-imeyili eqondiswe ngqo kufolda kadoti futhi engakaze ibonwe obhalisele i-imeyili yakho ilethwa ngokobuchwepheshe. Ukuqapha ngempela ukubekwa kwebhokisi lakho lokungenayo, kufanele usebenzise a uhlu lwembewu futhi ubheke i-ISP ngayinye ukuze ubone ukuthi i-imeyili yakho ifike kubhokisi lokungenayo noma kufolda kadoti. Inkampani yami ingakunikeza lokhu kuhlola nawe.
- Idumela - Ama-ISP kanye nezinsizakalo zezinkampani zangaphandle nazo zigcina amaphuzu edumela lokuthumela ikheli le-IP le-imeyili yakho. Kukhona izinhlu zokuvinjelwa ezingase zisetshenziswe ama-ISP ukuze uvimbele wonke ama-imeyili akho, noma ungase ube nedumela elibi elingakwenza udluliselwe kufolda yodoti. Ungasebenzisa izinsiza eziningi ukuze ugade isithunzi sakho se-IP, kodwa ngingaba nethemba njengoba abaningi bengenakho ukuqonda nge-algorithm ye-ISP ngayinye.
Ukuqinisekiswa kwe-imeyili
Umkhuba ongcono kakhulu wokunciphisa noma yiziphi izinkinga zokubekwa kwebhokisi lokungenayo uwukuqinisekisa ukuthi usethe amarekhodi okuqinisekisa ama-imeyili ama-ISP angawasebenzisa ukuze abheke futhi aqinisekise ukuthi ama-imeyili owathumelayo athunyelwa nguwe ngempela hhayi othile ozenza inkampani yakho. Lokhu kwenziwa ngezindinganiso ezimbalwa:
- Uhlaka lwenqubomgomo yabentwana (SPF) - izinga elidala kunawo wonke, yilapho ubhalisa khona irekhodi le-TXT ekubhaliseni kwesizinda sakho (DNS) esho ukuthi yiziphi izizinda noma IP amakheli othumela kuwo ama-imeyili enkampani yakho. Isibonelo, ngithumela ama-imeyili okuthi Martech Zone kusukela Indawo Yokusebenzela yakwaGoogle.
v=spf1 include:_spf.google.com ~all
- DomainUkuqinisekiswa Komlayezo okusekelwe, Ukubika kanye Nokuhambisana (I-DMARC) - leli zinga elisha linokhiye obethelwe ongaqinisekisa kokubili isizinda sami kanye nomthumeli. Ukhiye ngamunye ukhiqizwa umthumeli wami, eqinisekisa ukuthi ama-imeyili athunyelwe umuntu othumela ogaxekile awakwazi ukonakala. Uma usebenzisa i-Google Workspace, nakhu indlela yokusetha i-DMARC.
- Imeyili Ekhonjiwe Ye-DomainKeys (I-DKIM) - Ngokusebenza ngokuhambisana nerekhodi le-DMARC, leli rekhodi lazisa ama-ISP ukuthi ayiphathe kanjani imithetho yami ye-DMARC kanye ne-SPF nokuthi ithunyelwa kuphi imibiko yokulethwa. Ngifuna ama-ISP enqabe noma imiphi imilayezo engadluli i-DKIM noma i-SPF, futhi ngifuna ukuthi athumele imibiko kulelo kheli le-imeyili.
v=DMARC1; p=reject; rua=mailto:dmarc@martech.zone; aspf=s; fo=s;
- Izinkomba Zomkhiqizo Zokuhlonza Umlayezo (I-BIMI) – okungeziwe okusha, i-BIMI ihlinzeka ngendlela yokuthi ama-ISP nezicelo zawo ze-imeyili abonise ilogo yomkhiqizo ngaphakathi kweklayenti le-imeyili. Kukhona kokubili izinga elivulekile kanye ne- indinganiso ebethelwe ye-Gmail, lapho udinga futhi isitifiketi somaka esiqinisekisiwe (I-VMC). Izitifiketi ziyabiza, ngakho-ke angikwenzi lokho okwamanje. Ama-VMC akhishwa iziphathimandla ezimbili ezamukelwayo zokuqinisekisa ukoma: Ukungena futhi DigiCert. Olunye ulwazi lungatholakala ku- Iqembu le-BIMI.
v=BIMI1; l=https://martech.zone/logo.svg;a=self;
Ungakuqinisekisa Kanjani Ukuqinisekiswa Kwe-imeyili Yakho
Yonke imithombo, ukudluliselwa, kanye nolwazi lokuqinisekisa oluhlotshaniswa nawo wonke ama-imeyili atholakala ngaphakathi kwezihloko zemiyalezo. Ukutolika lokhu kulula kakhulu uma unguchwepheshe wokulethwa, kodwa uma ungumfundi, kunzima ngendlela emangalisayo. Nakhu ukuthi isihloko somlayezo sibukeka kanjani ephephandabeni lethu; Ngikhiphe amanye ama-imeyili ezimpendulo nolwazi lomkhankaso:
Uma ufunda konke, ungabona imithetho yami ye-DKIM, noma ngabe i-DMARC iyaphasa (ayiphasi) futhi i-SPF iyadlula… kodwa umsebenzi omningi lowo. Kukhona i-workaround engcono kakhulu, noma kunjalo, ongayisebenzisa DKIMValidator. I-DKIMValidator ikunikeza ikheli le-imeyili ongalingeza ohlwini lwakho lwezindaba noma ulithumele nge-imeyili yehhovisi lakho…
Okokuqala, iqinisekisa ukubethela kwami kwe-DMARC kanye nesiginesha ye-DKIM ukuze ubone ukuthi iyadlula noma ayidluli (ayiphumeleli).
DKIM Information:
DKIM Signature
Message contains this DKIM Signature:
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=circupressmail.com;
s=cpmail; t=1643110423;
bh=PTOH6xOB3+wFZnnY1pLaJgtpK9n/IkEAtaO/Xc4ruZs=;
h=Date:To:From:Reply-to:Subject:List-Unsubscribe;
b=HKytLVgsIfXxSHVIVurLQ9taKgs6hAf/s4+H3AjqE/SJpo+tamzS9AQVv3YOq1Nt/
o1mMOkAJN4HTt8JXDxobe6rJCia9bU1o7ygGEBY+dIIzAyURLBLo5RzyM+hI/X1BGc
jeA93dVXA+clBjIuHAM9t9LGxSri7B5ka/vNG3n8=
Signature Information:
v= Version: 1
a= Algorithm: rsa-sha256
c= Method: relaxed/relaxed
d= Domain: circupressmail.com
s= Selector: cpmail
q= Protocol:
bh= PTOH6xOB3+wFZnnY1pLaJgtpK9n/IkEAtaO/Xc4ruZs=
h= Signed Headers: Date:To:From:Reply-to:Subject:List-Unsubscribe
b= Data: HKytLVgsIfXxSHVIVurLQ9taKgs6hAf/s4+H3AjqE/SJpo+tamzS9AQVv3YOq1Nt/
o1mMOkAJN4HTt8JXDxobe6rJCia9bU1o7ygGEBY+dIIzAyURLBLo5RzyM+hI/X1BGc
jeA93dVXA+clBjIuHAM9t9LGxSri7B5ka/vNG3n8=
Public Key DNS Lookup
Building DNS Query for cpmail._domainkey.circupressmail.com
Retrieved this publickey from DNS: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC+D53OskK3EM/9R9TrX0l67Us4wBiErHungTAEu7DEQCz7YlWSDA+zrMGumErsBac70ObfdsCaMspmSco82MZmoXEf9kPmlNiqw99Q6tknblJnY3mpUBxFkEX6l0O8/+1qZSM2d/VJ8nQvCDUNEs/hJEGyta/ps5655ElohkbiawIDAQAB
Validating Signature
result = fail
Details: body has been altered
Bese, ibheka irekhodi lami le-SPF ukubona ukuthi liyadlula (liyaphumelela):
SPF Information:
Using this information that I obtained from the headers
Helo Address = us1.circupressmail.com
From Address = info@martech.zone
From IP = 74.207.235.122
SPF Record Lookup
Looking up TXT SPF record for martech.zone
Found the following namesevers for martech.zone: ns57.domaincontrol.com ns58.domaincontrol.com
Retrieved this SPF Record: zone updated 20210630 (TTL = 600)
using authoritative server (ns57.domaincontrol.com) directly for SPF Check
Result: pass (Mechanism 'include:circupressmail.com' matched)
Result code: pass
Local Explanation: martech.zone: Sender is authorized to use 'info@martech.zone' in 'mfrom' identity (mechanism 'include:circupressmail.com' matched)
spf_header = Received-SPF: pass (martech.zone: Sender is authorized to use 'info@martech.zone' in 'mfrom' identity (mechanism 'include:circupressmail.com' matched)) receiver=ip-172-31-60-105.ec2.internal; identity=mailfrom; envelope-from="info@martech.zone"; helo=us1.circupressmail.com; client-ip=74.207.235.122
Okokugcina, inginikeza ukuqonda ngomlayezo ngokwawo kanye nokuthi okuqukethwe kungase kuhlabe umkhosi yini kwamanye amathuluzi okuthola ugaxekile, ihlole ukuze ibone ukuthi ngisohlwini lwabavinjelwe, futhi ingitshele ukuthi kuyanconywa yini noma cha ukuthi ithunyelwe kufolda kadoti:
SpamAssassin Score: -4.787
Message is NOT marked as spam
Points breakdown:
-5.0 RCVD_IN_DNSWL_HI RBL: Sender listed at https://www.dnswl.org/,
high trust
[74.207.235.122 listed in list.dnswl.org]
0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record
0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or
identical to background
0.0 HTML_MESSAGE BODY: HTML included in message
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
valid
0.0 T_KAM_HTML_FONT_INVALID Test for Invalidly Named or Formatted
Colors in HTML
0.1 DKIM_INVALID DKIM or DK signature exists, but is not valid
Qiniseka ukuthi uhlola yonke i-ESP noma isevisi yemiyalezo yenkampani yangaphandle inkampani yakho ethumela kuyo i-imeyili ukuze uqiniseke ukuthi Ukuqinisekiswa Kwe-imeyili yakho kumiswe ngendlela efanele!
Izindlela Ezinhle Kakhulu Zokusebenzisa I-DMARC
Ukusebenzisa i-DMARC ngendlela efanele kubalulekile ekuvikelekeni kwe-imeyili nesithunzi somthumeli. Inqubomgomo oyikhethayo incike ezinhlosweni zakho zokuqinisekisa i-imeyili kanye nokulungela kwakho ukusingatha izinkinga ezingase zibe khona. Nakhu ukuhlukaniswa kwezinqubomgomo ezintathu:
- Lutho (p=none): Le nqubomgomo ngokuvamile isetshenziselwa ukuqapha nokuqoqa idatha ngaphandle kokuphazamisa ukulethwa kwama-imeyili akho. Ivumela abanikazi besizinda ukuthi babone ukuthi ubani othumela imeyili egameni lesizinda sabo. Yisiqalo esihle sokuqonda ukuthi i-imeyili yakho icutshungulwa kanjani nokuhlonza izinkinga ezingaba khona zokuqinisekisa ngaphandle kokufaka ukuthunyelwa kwe-imeyili okusemthethweni. Nakuba kungase kubonakale njengokuziba inqubomgomo, iyithuluzi elibalulekile lokuxilonga lokuqinisekisa ukuthi yonke into isethwe ngendlela efanele ngaphambi kokudlulela kuzinqubomgomo ezinemikhawulo eyengeziwe.
- Ukuvalelwa (p=quarantine): Le nqubomgomo iphakamisa ekutholeni amaseva e-imeyili ukuthi ama-imeyili ahluleka ukuhlolwa kwe-DMARC kufanele aphathwe ngokusolisayo. Ngokuvamile, lokhu kusho ukuzibeka kufolda yogaxekile kunokuzenqaba ngokuqondile. Kuyisisekelo esimaphakathi esinciphisa ubungozi bokwenqatshwa kwama-imeyili ngesikhathi esanikeza isivikelo kuma-imeyili omgunyathi. Kuyisinyathelo esilandelayo esihle ngemva kwalokho none uma usuqinisekise ukuthi ama-imeyili akho asemthethweni ayaphumelela ekuhlolweni kwe-DMARC.
- Yenqaba (p=nqaba): Lena inqubomgomo ephephe kakhulu, ebonisa ekwamukeleni iziphakeli ukuthi ama-imeyili ahluleka ukuhlolwa kwe-DMARC kufanele enqatshwe. Le nqubomgomo ivimbela ngempumelelo ukuhlaselwa kobugebengu bokweba imininingwane ebucayi futhi iqinisekisa ukuthi ama-imeyili aqinisekisiwe kuphela afinyelela kubamukeli. Nokho, kufanele isetshenziswe ngokucophelela ngemva kokuhlolwa okuphelele ngezinqubomgomo ezithi “akekho” futhi ngokunokwenzeka “nokuvalelwa yedwa” ukuze kugwenywe ukwenqaba ama-imeyili asemthethweni.
Imikhuba Engcono Kakhulu:
- Qala nge p=lutho ukuqoqa idatha futhi uqinisekise ukuthi ama-imeyili akho asemthethweni agunyazwe ngokufanelekile.
- Dlulela ku p=i-quarantine ukuze uqale ukuvikela isizinda sakho kuyilapho unciphisa ubungozi bokwenqatshwa kwama-imeyili asemthethweni.
- Ekugcineni, shintshela kokuthi p=nqaba uma usuqiniseka ukuthi izinqubo zakho zokuthumela i-imeyili zithobelana ngokugcwele ne-DMARC, ukuze kukhuliswe ukuvikeleka ekukhwabaniseni i-imeyili.
Isinyathelo ngasinye kufanele sibandakanye ukuhlaziya imibiko ye-DMARC kanye nokulungisa izinqubo zokuthumela i-imeyili yakho njengoba kudingeka ukuze kuqinisekiswe ukuthi ama-imeyili asemthethweni agunyazwe ngendlela efanele.
SPF Record Builder I-SPF kanye ne-DKIM Validator Umhloli we-BIMI