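Why do I receive DMARC reports every day?

I have set up a DMARC policy for my domain.

But every day I receive an XML report from Google.

I don't understand what the problem is.

The report is: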

<?xml version="1.0" encoding="UTF-8" ?>
<feedback>
  <report_metadata>
    <org_name>google.com</org_name>
    <email>noreply-dmarc-support@google.com</email>
    <extra_contact_info>http://support.google.com/a/bin/answer.py?answer=2466580</extra_contact_info>
    <report_id>7241837801886321635</report_id>
    <date_range>
      <begin>1431388800</begin>
      <end>1431475199</end>
    </date_range>
  </report_metadata>
  <policy_published>
    <domain>rigweb.ru</domain>
    <adkim>r</adkim>
    <aspf>r</aspf>
    <p>none</p>
    <sp>none</sp>
    <pct>100</pct>
  </policy_published>
  <record>
    <row>
      <source_ip>144.76.154.188</source_ip>
      <count>2</count>
      <policy_evaluated>
        <disposition>none</disposition>
        <dkim>pass</dkim>
        <spf>pass</spf>
      </policy_evaluated>
    </row>
    <identifiers>
      <header_from>site.ru</header_from>
    </identifiers>
    <auth_results>
      <dkim>
        <domain>rigweb.ru</domain>
        <result>pass</result>
      </dkim>
      <spf>
        <domain>site.ru</domain>
        <result>pass</result>
      </spf>
    </auth_results>
  </record>
</feedback>

My DMARC policy:

v=DMARC1; sp=none; aspf=r; p=none; rua=mailto: support@site.ru

How can I fix this?


There's no problem. Aggregate reports (like this one) are sent as a summary (typically daily) of all emails received by that receiver - passing and failing.

The sample report you provided shows that all emails are passing, so there's nothing to fix.

In short: it's all good.

Here's the explanation for this:

DMARC stands for Domain-based Message Authentication, Reporting, and Conformance. It is in fact a ruleset made for reporting back to you on the quality of the email messages received from your domain.

You are receiving those XML reports because it's what you asked for with the rua=mailto:email@example.com; part of your DMARC TXT record. Note that you didn't set any processing rule for failing messages: p=none means you only want to see the results of the checks.

As you can read in the specification (RFC 7489), RUA stands for "Reporting URI of Aggregate reports". Using it, you are telling every DMARC-compliant recipient server to send you a (daily) aggregate report for the emails it receives from you or sent on your behalf.

Have a look at dmarc.org where you can find a nice overview of the system.

What does this specific report from Google tell you?

<date_range> This is the time range this report refers to (in your case, May 12 - May 13)
<policy_published> It's the parsed content of the DMARC record Google found in your DNS zone
<source_ip> The IP the emails were sent from
<policy_evaluated> The results of the DKIM and SPF checks are good (the two messages passed both tests).

Meaning:

The two messages sent by an email address @yoursite.ru and received by Google mail servers between May 12 and May 13 were correctly signed (DKIM) and were sent from authorized IPs (SPF). Based on this, we can reasonably say that Google has only received legitimate messages from your domain.
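
Added example (not part of the question or the answers above): a short Python script that reads a DMARC aggregate report and lists which sending sources passed or failed, so a daily report can be checked without reading the XML by hand. The sample report is constructed: its first record mirrors the passing row in the question, and the second is an invented failing row using documentation addresses; the function names are this example's own.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# Constructed sample: first record mirrors the passing row in the question,
# second is an invented failing row (documentation IP/domain) for contrast.
SAMPLE = """<feedback>
<report_metadata><org_name>google.com</org_name>
<date_range><begin>1431388800</begin><end>1431475199</end></date_range>
</report_metadata>
<policy_published><domain>example.com</domain><p>none</p></policy_published>
<record><row><source_ip>192.0.2.10</source_ip><count>2</count>
<policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf>
</policy_evaluated></row>
<identifiers><header_from>example.com</header_from></identifiers></record>
<record><row><source_ip>198.51.100.7</source_ip><count>5</count>
<policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf>
</policy_evaluated></row>
<identifiers><header_from>example.com</header_from></identifiers></record>
</feedback>"""

def summarize(xml_text):
    """Return (reporter, (begin, end), rows); DMARC passes if DKIM or SPF passed."""
    # Reports arrive by mail from third parties: treat them as untrusted XML.
    root = ET.fromstring(xml_text)
    utc = lambda tag: datetime.fromtimestamp(
        int(root.findtext(f"report_metadata/date_range/{tag}")), timezone.utc)
    rows = []
    for rec in root.iter("record"):
        ev = rec.find("row/policy_evaluated")  # aligned DKIM/SPF results
        dkim, spf = ev.findtext("dkim"), ev.findtext("spf")
        rows.append({
            "source_ip": rec.findtext("row/source_ip"),
            "count": int(rec.findtext("row/count")),
            "header_from": rec.findtext("identifiers/header_from"),
            "dkim": dkim, "spf": spf,
            "disposition": ev.findtext("disposition"),
            "dmarc_pass": "pass" in (dkim, spf),
        })
    return root.findtext("report_metadata/org_name"), (utc("begin"), utc("end")), rows

def failing_sources(rows):
    """Sources whose mail failed both checks: the rows worth investigating."""
    return [(r["source_ip"], r["count"]) for r in rows if not r["dmarc_pass"]]

if __name__ == "__main__":
    org, (begin, end), rows = summarize(SAMPLE)
    print(f"{org}: {begin:%Y-%m-%d %H:%M} .. {end:%Y-%m-%d %H:%M} UTC")
    for r in rows:
        print(r["source_ip"], r["count"], "PASS" if r["dmarc_pass"] else "FAIL")
    print("investigate:", failing_sources(rows))
```

With p=none the failing row is still delivered (disposition none); the report is the only place such a source shows up.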