我们经历了一些奇怪的事情。我们有很多邮件是通过我们的域发送的,但不是由我们发送的。
我们已经安装了 DMARC、DKIM、SPF 等,所有这些都已设置并正常工作,但问题仍然存在。更改 API 密钥和 SMTP 密钥不会解决此问题。
我们能做什么?
邮件日志示例:
{
"Type" : "Notification",
"MessageId" : "d9c91074-7f57-5a86-8322-49393f02821a",
"TopicArn" : "arn:aws:sns:eu-west-1:718401892325:Bounce",
"Message" : "{\"notificationType\":\"Bounce\",\"bounce\":{\"feedbackId\":\"0102017a392a81a4-57668ac5-61a5-4648-9dc4-74c1b3c687c7-000000\",\"bounceType\":\"Permanent\",\"bounceSubType\":\"General\",\"bouncedRecipients\":[{\"emailAddress\":\"[REDACTED RECEIVER]\",\"action\":\"failed\",\"status\":\"5.3.0\",\"diagnosticCode\":\"smtp; 550 Invalid Recipient - https://community.mimecast.com/docs/DOC-1369#550 [aKgfXeZYNwGH2GQxUFKDHA.us425]\"}],\"timestamp\":\"2021-06-23T13:58:44.000Z\",\"remoteMtaIp\":\"207.211.30.242\",\"reportingMTA\":\"dns; a7-36.smtp-out.eu-west-1.amazonses.com\"},\"mail\":{\"timestamp\":\"2021-06-23T13:58:44.246Z\",\"source\":\"[OUR MAIL ADRESS]\",\"sourceArn\":\"arn:aws:ses:eu-west-1:718401892325:identity/[OURDOMAIN]\",\"sourceIp\":\"185.29.10.120\",\"sendingAccountId\":\"718401892325\",\"messageId\":\"0102017a392a7f16-fe0921c4-319b-4565-a621-999132fc4ded-000000\",\"destination\":[\"[REDACTED RECEIVER]\"],\"headersTruncated\":false,\"headers\":[{\"name\":\"Received\",\"value\":\"from [OURDOMAIN] ([185.29.10.120]) by email-smtp.amazonaws.com with SMTP (SimpleEmailService-d-ETSXZ9WDB) id jsSf6D7p1SM4Tbekxdmr for [REDACTED RECEIVER]; Wed, 23 Jun 2021 13:58:44 +0000 (UTC)\"},{\"name\":\"From\",\"value\":\"[REDACTED RECEIVER DOMAIN] <[OURDOMAIN]>\"},{\"name\":\"To\",\"value\":\"[REDACTED RECEIVER]\"},{\"name\":\"Subject\",\"value\":\"Pending E-mail Message Released / REF: [REDACTED RECEIVER] / Priority: High\"},{\"name\":\"Date\",\"value\":\"23 Jun 2021 16:57:44 +0300\"},{\"name\":\"Message-ID\",\"value\":\"<20210623164053.3484CFB902B9822F@[OURDOMAIN]>\"},{\"name\":\"MIME-Version\",\"value\":\"1.0\"},{\"name\":\"Content-Type\",\"value\":\"text/html\"},{\"name\":\"Content-Transfer-Encoding\",\"value\":\"quoted-printable\"}],\"commonHeaders\":{\"from\":[\"\\\"[REDACTED RECEIVER DOMAIN]\\\" <[REDACTED RECEIVER]>\"],\"date\":\"23 Jun 2021 16:57:44 +0300\",\"to\":[\"[REDACTED RECEIVER]\"],\"messageId\":\"<20210623164053.3484CFB902B9822F@[OURDOMAIN]>\",\"subject\":\"Pending E-mail Message Released / REF: [REDACTED RECEIVER] / Priority: High\"}}}",
"Timestamp" : "2021-06-23T13:58:45.045Z",
"SignatureVersion" : "1",
"Signature" : "....jetiO8rzyuzM1dc5FCVHt7UAqHIjahA0fmXnLxKn9L5KwOlSlFvYaWBcYkEgCG1F7m+z1qDRaYqaU80Z+YY+exR7nw==",
"SigningCertURL" : ".......",
"UnsubscribeURL" : "......-4f97-82a3-3bf1b9e107bc"
}
看起来有人从服务器发送垃圾邮件并使用 FROM:ebay.com info@ourdomain.com --> 使用 email-smtp.amazonaws.com SMTP --> 并通过我们的 Amazon SES 帐户发送到:ceo@ebay.com (例如)
任何人都可以指导我正确的方向,因为我不知道该怎么做,亚马逊也没有那么有帮助。
附言。在 JSON 响应中添加 [redacted...] 以保护接收者的隐私。
PS2。删除签名和签名 URL 并取消订阅