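Suddenly, something strange happened. In my Yandex inbox, I saw an email with the subject "Verify Test 2" carrying the green "valid" mark.
At first, I thought I had accidentally sent another test email to my Yandex mailbox and that it had passed the filter. But then I realized that I had sent the email with the subject "Verify Test 1" to the Yandex mailbox and the email with the subject "Verify Test 2" to the Outlook mailbox. There had to be something else going on.
After checking for a few minutes, I remembered that I had once set up my Outlook 365 account to forward mail to my Yandex mailbox, so Outlook had forwarded this email to Yandex. But why did the valid mark appear this time?
This is what I saw on the Yandex website (by the way, this feature is no longer supported):
"With a DKIM signature, the recipient can verify that an email really comes from a trusted sender."
So this is a simple DKIM (DomainKeys Identified Mail) validator. Basically, if an email is signed with a valid certificate, regardless of the sender's domain, we get to see this cool green mark. So, as long as the sending domain is microsoft.com, does that mean it must have been signed with Microsoft's certificate??
To understand what was going on, I checked the headers of both the spam email and the valid email. Below is the header of the email that Yandex marked as spam: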
Received: from mxfront15h.mail.yandex.net ([127.0.0.1])
by mxfront15h.mail.yandex.net with LMTP id HG70cJmK
for <utku.sen@yandex.com>; Sat, 3 Sep 2016 22:02:37 +0300
Received: from ec2-52-51-33-8.eu-west-1.compute.amazonaws.com (ec2-52-51-33-8.eu-west-1.compute.amazonaws.com [52.51.33.8])
by mxfront15h.mail.yandex.net (nwsmtp/Yandex) with ESMTP id K8106KgL1a-2aGmWbm2;
Sat, 03 Sep 2016 22:02:36 +0300
Return-Path: qhDwA.reWXEDN@example.com
X-Yandex-Front: mxfront15h.mail.yandex.net
X-Yandex-TimeMark: 1472929356
Authentication-Results: mxfront15h.mail.yandex.net; spf=fail (mxfront15h.mail.yandex.net: domain of example.com does not designate 52.51.33.8 as permitted sender) smtp.mail=qhDwA.reWXEDN@example.com
X-Yandex-Spam: 1
Received: from [127.0.0.1] (localhost [127.0.0.1])
by ip-10-0-0-12.eu-west-1.compute.internal (Postfix) with ESMTP id 2749C42DA5
for <utku.sen@yandex.com>; Sat, 3 Sep 2016 19:02:36 +0000 (UTC)
Content-Type: multipart/alternative;
boundary="127.0.0.1.0.4022.1472929356.122.1"
From: Johannes Brahms <secure@microsoft.com>
Subject: Verify Test 1
MIME-Version: 1.0
To: utku.sen@yandex.com
Received: from mxfront9h.mail.yandex.net ([127.0.0.1])
by mxfront9h.mail.yandex.net with LMTP id anm2f8eB
for <utku.sen@yandex.com>; Sat, 3 Sep 2016 22:05:49 +0300
Received: from mail-he1eur01lp0215.outbound.protection.outlook.com (mail-he1eur01lp0215.outbound.protection.outlook.com [213.199.154.215])
by mxfront9h.mail.yandex.net (nwsmtp/Yandex) with ESMTPS id **REMOVED**;
Sat, 03 Sep 2016 22:05:48 +0300
(using TLSv1 with cipher ECDHE-RSA-AES128-SHA (128/128 bits))
(Client certificate not present)
Return-Path: utku.sen@bilgiedu.net
X-Yandex-Front: mxfront9h.mail.yandex.net
X-Yandex-TimeMark: 1472929548
Authentication-Results: mxfront9h.mail.yandex.net; dkim=pass header.i=@bilgiedu.onmicrosoft.com
X-Yandex-Spam: 1
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=bilgiedu.onmicrosoft.com; s=selector1-bilgiedu-net;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version;
bh=**REMOVED**
b=**REMOVED**
Resent-From: <utku.sen@bilgiedu.net>
Received: from HE1PR0401CA0023.eurprd04.prod.outlook.com (10.166.116.161) by
AM5PR0401MB2563.eurprd04.prod.outlook.com (10.169.245.14) with Microsoft SMTP
Server (version=TLS1_0, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384) id
15.1.609.3; Sat, 3 Sep 2016 19:05:44 +0000
Received: from AM5EUR02FT060.eop-EUR02.prod.protection.outlook.com
(2a01:111:f400:7e1e::203) by HE1PR0401CA0023.outlook.office365.com
(2a01:111:e400:c512::33) with Microsoft SMTP Server (version=TLS1_0,
cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384) id 15.1.609.3 via Frontend
Transport; Sat, 3 Sep 2016 19:05:44 +0000
Received-SPF: Fail (protection.outlook.com: domain of example.com does not
designate 52.51.33.8 as permitted sender) receiver=protection.outlook.com;
client-ip=52.51.33.8; helo=ip-10-0-0-12.eu-west-1.compute.internal;
Received: from ip-10-0-0-12.eu-west-1.compute.internal (52.51.33.8) by
AM5EUR02FT060.mail.protection.outlook.com (10.152.9.179) with Microsoft SMTP
Server id 15.1.587.6 via Frontend Transport; Sat, 3 Sep 2016 19:05:43 +0000
Received: from [127.0.0.1] (localhost [127.0.0.1])
by ip-10-0-0-12.eu-west-1.compute.internal (Postfix) with ESMTP id E7BF642DA5
for <utku.sen@bilgiedu.net>; Sat, 3 Sep 2016 19:05:42 +0000 (UTC)
Content-Type: multipart/alternative;
boundary="127.0.0.1.0.4033.1472929542.917.1"
From: Johannes Brahms <secure@microsoft.com>
Subject: Verify Test 2
MIME-Version: 1.0
To: <utku.sen@bilgiedu.net>
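To be honest, I don't fully understand what happened, because I'm not an expert in email authentication. The email was accepted by the outlook.com domain and carries a DKIM signature. Let's examine this header together (I removed the bh and b fields):
a = signing algorithm
c = canonicalization algorithm
d = signing domain
h = list of signed header fields
bh = body hash
b = digital signature of the content
So my email address is utku.sen@bilgiedu.net, but the signing domain is bilgiedu.onmicrosoft.com. I'm not sure whether this happens for all Outlook 365 users; it probably does.
But the email shows the sender as secure@microsoft.com. This confused me. Is the signature of onmicrosoft.com the same as the signature of microsoft.com? If so, this is a problem on Microsoft's side. Or that is not the case, and the problem is on Yandex's side, in that it simply recognizes a valid DKIM signature. Or I completely miss the essence of DKIM.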
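As an added example (not code from the original post), the following Python sketch performs the check the green mark did not: whether the DKIM signing domain (d=) aligns with the domain in the From header. It assumes the receiver has already verified the signature cryptographically (dkim=pass); the function names and the simplified relaxed-alignment rule (subdomain match, no public suffix list) are assumptions.

```python
import email
from email.utils import parseaddr

# Constructed sample: a subset of the forwarded "Verify Test 2" headers shown
# above (bh and b omitted, as on the page).
SAMPLE = """\
Authentication-Results: mxfront9h.mail.yandex.net; dkim=pass header.i=@bilgiedu.onmicrosoft.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=bilgiedu.onmicrosoft.com; s=selector1-bilgiedu-net;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version
From: Johannes Brahms <secure@microsoft.com>
Subject: Verify Test 2

"""

def dkim_tags(value):
    """Split a DKIM-Signature header value into its tag=value pairs."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, _, val = part.partition("=")
            tags[name.strip()] = "".join(val.split())  # drop folding whitespace
    return tags

def aligned(signing_domain, from_domain, strict=False):
    """Strict: identical domains. Relaxed (simplified assumption): one domain
    is a subdomain of the other. The leading dot matters: a bare
    endswith("microsoft.com") would wrongly accept onmicrosoft.com."""
    s = signing_domain.lower().rstrip(".")
    f = from_domain.lower().rstrip(".")
    if s == f:
        return True
    if strict:
        return False
    return s.endswith("." + f) or f.endswith("." + s)

def check(raw):
    """Return (From domain, [(d= domain, aligned?) for each DKIM-Signature])."""
    msg = email.message_from_string(raw)
    from_domain = parseaddr(msg["From"])[1].rpartition("@")[2]
    results = []
    for sig in msg.get_all("DKIM-Signature", []):
        d = dkim_tags(sig).get("d", "")
        results.append((d, aligned(d, from_domain)))
    return from_domain, results

if __name__ == "__main__":
    print(check(SAMPLE))
```

A valid signature from bilgiedu.onmicrosoft.com only proves that this domain signed the message; it says nothing about microsoft.com unless the two domains align.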