我非常成功地使用PHPMailer从我的网站发送SPF / DKIM电子邮件。成功,因为其垃圾邮件评分几乎为零。
但是,我想向签名添加自定义邮件头,以使其价值具有真实性。
插图:
假设我有一个自定义字段X-app-originalSender
。
[当我查看外发电子邮件的来源时,看到
Delivered-To: [email protected]
Received: by 10.10.10.10 with SMTP id v7csp230623wjf;
Tue, 6 May 2014 05:20:04 -0700 (PDT)
X-Received: by 10.10.10.10 with SMTP id v2mr38890846oer.37.1399378803091;
Tue, 06 May 2014 05:20:03 -0700 (PDT)
Return-Path: <[email protected]>
Received: from mail-oa0-x22e.gogol.com (mail-oa0-x22e.gogol.com [2607:f8b0:4003:c02::22e])
by mx.gogol.com with ESMTPS id vj5si8402166obb.10.10.10.10.05.20.02
for <[email protected]>
(version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
Tue, 06 May 2014 05:20:03 -0700 (PDT)
Received-SPF: none (gogol.com: [email protected] does not designate permitted sender hosts) client-ip=2607:f8b0:4003:c02::22e;
Authentication-Results: mx.gogol.com;
spf=neutral (gogol.com: [email protected] does not designate permitted sender hosts) [email protected];
dkim=pass [email protected]
Received: by mail-oa0-x22e.gogol.com with SMTP id i4so9294020oah.19
for <[email protected]>; Tue, 06 May 2014 05:20:02 -0700 (PDT)
X-gogol-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20130820;
h=x-gm-message-state:delivered-to:to:subject:dkim-signature:date:from
:reply-to:message-id:mime-version:content-type;
bh=ObNkr4SNFALRke4Aa0VT3bZmEq19ZIWHnngz5uCPG3U=;
b=hbiSE6cEr+FEAIGUCqsCfNOQq9SYsYZ9fa4lC333uWyUY9x6srMgwHeOa28IoKxD31
76LnRKfqc3YZBqMFKJ37plvyVXdaRsPCwLdYrNNMxmvNVVb5siC8r6Frx6v2QCBPcPEQ
U+c6Qn/Rl9dHYHD9GCoC346DWkC8CcAF/MG6oipVcf9kojwfuYR/UgzpjmVMKcueUpEy
nHKKGmfVT9RcqHgPMsOj1/W8/k/drKRUk2QlzLH8anR6foeWqjNtyUmHYxo/Qc6eKoxh
Zua23/rTAgb/1SF4yalyeaeTa9xWO07bHeDwgknvg7QuYBSjDt+7iIXngkZXVYaSNAEJ
xZIw==
X-Gm-Message-State: ALoCoQmfamLXlJ4EXccj5awNP/G2qU/uIZcjuLJKrB+5YOVHQsc1ARYlMw6wxCDTCchbQnufkN4N
X-Received: by 10.10.10.10 with SMTP id my9mr1885484obb.61.1399378802595;
Tue, 06 May 2014 05:20:02 -0700 (PDT)
X-Forwarded-To: [email protected]
X-Forwarded-For: [email protected] [email protected]
Delivered-To: [email protected]
Received: by 10.10.10.10 with SMTP id hd5csp216265obb;
Tue, 6 May 2014 05:20:01 -0700 (PDT)
X-Received: by 10.10.10.10 with SMTP id a49mr10690110eei.46.1399378800211;
Tue, 06 May 2014 05:20:00 -0700 (PDT)
Return-Path: <[email protected]>
Received: from rembrandt.net.de (rembrandt.net.de. [10.10.10.10])
by mx.gogol.com with ESMTPS id n46si13234148eeo.10.10.10.10.05.19.59
for <[email protected]>
(version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
Tue, 06 May 2014 05:20:00 -0700 (PDT)
Received-SPF: pass (gogol.com: domain of [email protected] designates 10.10.10.10 as permitted sender) client-ip=10.10.10.10;
Received: (qmail 29290 invoked by uid 10269); 6 May 2014 14:19:59 +0200
To: [email protected]
Subject: Whatever
X-app-originalSender: Roger Rabbit
X-PHP-Originating-Script: 10269:class.phpmailer.php
DKIM-Signature: v=1; a=rsa-sha1; q=dns/txt; l=937; s=website;
t=1399378799; c=relaxed/simple;
h=From:To:Subject;
d=website.com;
z=From:=20"website.com=20Warning"=20<[email protected]>
|To:[email protected]
|Subject:=20Whatever;
bh=Yvxg9fVS37EmFVuVWzUji3Wry5Q=;
b=JmNeGJsvhhC5s/rTLfXPSBte2NfYCPLNiNrNi4/bbjcdKvPNt/LvySGOpD+4hIAxsjwGtknsz7CMDOhcmJLPK/FHge18q+Dw1j0chtRehIZUdEHKcHDU5n2X2/x+ja+EohtfNFwCfjm3Zyfjf+cDyvsKUrf8l6mtWqK9oWpjyrg=
Date: Tue, 6 May 2014 14:19:59 +0200
From: "website.com Warning" <[email protected]>
Reply-To: "website.com Warnung" <[email protected]>
Message-ID: <[email protected]>
X-Priority: 3
X-Mailer: website.com platform (https://website.com)
MIME-Version: 1.0
Content-Type: multipart/alternative;
我对行[[h=From:To:Subject;
最为感兴趣,并假设必须有一种向其添加自定义字段的方法。
DKIM规格
来自http://dkim.org/specs/draft-allman-dkim-base-01.html#rfc.section.3.5带签名的标头字段(纯文本,但请参见描述;必填)。标题字段名称的冒号分隔列表>,用于标识呈现给签名算法的标题字段。字段必须按照提交给签名算法的顺序包含标头字段的完整列表。该字段可以包含在签名时不存在的标题字段的名称;不存在的标头字段不会有助于签名计算(也就是说,将它们视为空输入,包括标头字段名称,分隔冒号,标头字段值和任何CRLF终止符),以及在验证不存在的标头时字段必须以相同的方式处理。该字段不得包含正在创建或验证的DKIM-Signature标头字段。冒号分隔符的两侧都可以包含折叠空格(FWS)。报头字段名称必须以不区分大小写的方式与实际的报头字段名称进行比较。ABNF:sig-h-tag =“ h =”FWS hdr-name 0((* FWS“:” * FWS hdr-name)hdr名称=字段名称信息说明:通过“签名”实际上不存在的头字段,签名者可以防止在验证之前插入这些头字段。但是,由于发件人可能无法知道将来可能会创建哪些头字段,并且某些MUA可能会提供嵌入在消息中的头字段(例如,作为消息/ rfc822内容类型),因此此解决方案的安全性在于不完全是。信息说明:头字段名称和冒号以及不存在的头字段的头字段值的排除都可以防止攻击者插入带有空值的实际头字段。
DKIM_Add
方法是发生有趣的位的地方,您可以在其中看到h=From:To:Subject;
是硬编码的。解决此问题的最简单方法可能是继承PHPMailer并重写此函数以包含您的额外标头。Update:PHPMailer现在支持通过DKIM_extraHeaders
属性将额外的标头添加到DKIM签名中,例如:
$mail->DKIM_extraHeaders = ['List-Unsubscribe', 'List-Help'];