How to block / blacklist a spam server via an SPF record

I have an SPF record:

v=spf1 include:_spf.google.com ip4:70.xx.xx.xx -all 

I previously had Google's default value of

 v=spf1 include:_spf.google.com ~all 

I moved away from this default in order to use SPF to stop certain spammers in Iran from continuing to send messages which, when they hit a bogus address, bounce back to me with messages like:

Received-SPF: neutral (google.com: 2.191.xx.xx is neither permitted nor denied by best guess record for domain of [jimmy@somedomain.ca]) client-ip=2.191.xx.xx;

This message implies that there is a way to deny the spammer's IP, but I have not managed to find it, so in the end I am unsure.

Any advice? I would like this spammer to be refused by SPF, directly or indirectly.

Update: Added a complete, unmodified message that I am trying to react to (below)

 Delivered-To: jimmy@somedomain.ca
 Received: by 10.28.62.13 with SMTP id l13csp432424wma; Sat, 22 Oct 2016 05:10:20 -0700 (PDT)
 X-Received: by 10.99.104.196 with SMTP id d187mr9004304pgc.26.1477158220522; Sat, 22 Oct 2016 05:10:20 -0700 (PDT)
 Return-Path: <>
 Received: from mail-pf0-x241.google.com (mail-pf0-x241.google.com. [2607:f8b0:400e:c00::241]) by mx.google.com with ESMTPS id hf1si1759156pac.263.2016.10.22.05.10.20 for <jimmy@somedomain.ca> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sat, 22 Oct 2016 05:10:20 -0700 (PDT)
 Received-SPF: pass (google.com: best guess record for domain of postmaster@mail-pf0-x241.google.com designates 2607:f8b0:400e:c00::241 as permitted sender) client-ip=2607:f8b0:400e:c00::241;
 Authentication-Results: mx.google.com; dkim=pass header.i=@googlemail.com; spf=pass (google.com: best guess record for domain of postmaster@mail-pf0-x241.google.com designates 2607:f8b0:400e:c00::241 as permitted sender) smtp.helo=mail-pf0-x241.google.com; dmarc=pass (p=QUARANTINE dis=NONE) header.from=googlemail.com
 Received: by mail-pf0-x241.google.com with SMTP id r16so11229439pfg.3 for <jimmy@somedomain.ca>; Sat, 22 Oct 2016 05:10:20 -0700 (PDT)
 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20120113; h=mime-version:from:to:subject:message-id:date; bh=hC195D3nA0Uzbsy/ut7vMIZ53a6ExjkByblQBH/81WQ=; b=AJOIjSrQPo4+I5fbjmy+4QU7BBVFtRorLh4NYVEZv0zMY5dYn9OMh4pVRRiQoSN4JE k0JZJbBzkvPNGXD0ImqQ+cRPD6/Q9yN+QjbRJksR91dJvO2ZeM36OLsY7erIbOYgq1rz H80waLIVDDJSRZv2r4zvFnX9K6hE6fZDbDG7x3jKRkGnIzQk2Z1aQ/TGPTz8parrQJrT hryzTMSw7T5DKioVYElBpH/wlS8HMaoL2g023KzBtpwLrfkbFE3zeTv0GTryhEeunONH +UPEvLr+th5IKpG4VZlrGu17Vz4MKgJgB30g+KGu/Ljbzi/ffLSpSFkN7hZvs2mmBpY+ PoRA==
 X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:from:to:subject:message-id:date; bh=hC195C3nA0Uzbsy/ut7vMKZ43a6ExjjByblQBH/81WQ=; b=HTTQdb/I0eBlF6Q3o0z/wf24aSyu2lvlvIkpoC4Ov+l7c+ruXRnzT5mkUMWiDFCr/w LuDQcy7SluQrrnWsCm1k87F4gsUz320Zvb9lCEBqB4FnN37e521tP/C++4tzv6tA09Sd W5Wpsk38bHYj5jesKABb0k0Nj4tmS39j7h18BqTY0fnCHjb03pLJNGA1hmACX84Clf27 bhsCyMhb5z6L7t5UOYTwQ95e2Vlx6jQH2P/h9iKyI+UnpoMOCe9grbvblSkdDiWTTMXR 5G9KhdrTUmIBfrj+VlhZQoPRXjEjENeD4XEAZ1E4e3lBJfgGbg9Jg6N6PwpxFbnlGReW gwHA==
 X-Gm-Message-State: ABUngvdfy0M/HHPXzmBpM3vEavjKEG5m35WPLvqH5SEh5U6PEOqEaJ7yK/eqjzO7jzkY1v9GbShSkKocgRqx1k3N1bmPLGh0
 X-Received: by 10.99.110.142 with SMTP id j136mr8866332pgc.132.1477138220162; Sat, 22 Oct 2016 05:10:20 -0700 (PDT)
 MIME-Version: 1.0
 Return-Path: <>
 Received: by 10.99.110.142 with SMTP id j136mr8914431pgc.132; Sat, 22 Oct 2016 05:10:20 -0700 (PDT)
 From: Mail Delivery Subsystem <mailer-daemon@googlemail.com>
 To: jimmy@somedomain.ca
 Subject: Delivery Status Notification (Delay)
 Message-ID: <001a11482caae59c5e053f730a8e@google.com>
 Date: Sat, 22 Oct 2016 12:10:20 +0000
 Content-Type: text/plain; charset=UTF-8

 This is an automatically generated Delivery Status Notification

 THIS IS A WARNING MESSAGE ONLY.

 YOU DO NOT NEED TO RESEND YOUR MESSAGE.

 Delivery to the following recipient has been delayed:

 samantha.bowmer@kojo.com.au

 Message will be retried for 4 more day(s)

 Technical details of temporary failure: The recipient server did not accept our requests to connect. Learn more at https://support.google.com/mail/answer/7720 [210.5.32.9 210.5.32.9: generic::failed_precondition: connect error (0): error]

 ----- Original message -----

 X-Gm-Message-State: ABUngvdKe24Xp8DT1rP2gApcFad5/HjrNajRrB9UWHnLxPY9Cmcnd7WyG1oLjYpJrvk4WmDa+0noZVd+uXaMy0PzgG1WVtzkSWXlgEFBYAOKWZTeGeIEOnQJPFBFZJuzwxnkd+KVKcW5
 X-Received: by 10.99.110.142 with SMTP id j136mr16455830pgc.132.1476957867242; Thu, 20 Oct 2016 03:04:27 -0700 (PDT)
 X-Received: by 10.99.110.142 with SMTP id j136mr16455815pgc.132.1476957867120; Thu, 20 Oct 2016 03:04:27 -0700 (PDT)
 Return-Path: <jimmy@somedomain.ca>
 Received: from [2.191.29.134] ([2.191.29.134]) by mx.google.com with ESMTP id z80si44284204pfj.251.2016.10.20.03.04.25 for <samantha.bowmer@kojo.com.au>; Thu, 20 Oct 2016 03:04:26 -0700 (PDT)
 Received-SPF: neutral (google.com: 2.191.29.134 is neither permitted nor denied by best guess record for domain of james.snell@dawning.ca) client-ip=2.191.29.134;
 Authentication-Results: mx.google.com; spf=neutral (google.com: 2.191.29.134 is neither permitted nor denied by best guess record for domain of james.snell@dawning.ca) smtp.mailfrom=jimmy@somedomain.ca
 Message-ID: <233E36AEEE2BA6766B63FBEB0EF3233E@6C2L74D>
 From: <jimmy@somedomain.ca>
 To: <samantha.bowmer@kojo.com.au>
 Subject: Re: Salary [$1500 /week]
 Date: 20 Oct 2016 15:04:13 +0200
 MIME-Version: 1.0
 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0027_01D22AD6.01109020"
 X-Priority: 3
 X-MSMail-Priority: Normal
 Importance: Normal
 X-Mailer: Microsoft Windows Live Mail 16.4.3505.912
 X-MimeOLE: Produced By Microsoft MimeOLE V16.4.3505.912

 Dear samantha.bowmer, We are looking for employees working remotely. My name is Thanh, I am the personnel manager of a large International company. Most of the work you can do from home, that is, at a distance. Salary is $2900-$5100. If you are interestd in this offer, please visit Our Site Have a nice day!

SPF does not mean the email will not be sent; it is just a flag that says to "Hard Fail" (-all) the message, which may make it land in the spam folder, depending on the ESP.

If you enable DMARC with a reject policy, you will 100% get the message rejected and not delivered at any ESP that honors a DMARC policy. GMAIL is one of those places.

Enabling a DMARC record is just as simple as adding an SPF record; it is entirely based on a DNS entry, like SPF.

In your case, your DMARC record will be fairly simple.

 _dmarc.somedomain.ca. IN TXT "v=DMARC1; p=reject; sp=none; rf=afrf; pct=100; ri=86400" 

If you want the reports, just append the RUA and RUF information to the record above. You can use DMARC generators to create it for you.
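
Added example, not part of the original answer: a simplified offline evaluation of the records on this page, showing that SPF only labels the spoofed message from `2.191.29.134`, while the DMARC record decides what a DMARC-honouring receiver does with it. Assumptions: the function names are illustrative, `include:` is not resolved through DNS, the organizational domain is taken naively as the last two labels, and `203.0.113.10` is a constructed stand-in for the masked `ip4` value.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_result(record, client_ip, included_nets=()):
    """Evaluate only the ip4, include and all mechanisms of an SPF record.
    included_nets stands in for the DNS lookups behind include: (assumption)."""
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:          # skip the v=spf1 version tag
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term.startswith("ip4:"):
            hit = ip in ipaddress.ip_network(term[4:], strict=False)
        elif term.startswith("include:"):
            hit = any(ip in ipaddress.ip_network(n) for n in included_nets)
        else:
            hit = term == "all"
        if hit:
            return QUALIFIERS[qualifier]
    return "neutral"                         # no mechanism matched

def org_domain(domain):
    """Naive organizational domain: last two labels (no Public Suffix List)."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def dmarc_disposition(record, from_domain, spf, mailfrom_domain,
                      dkim="none", dkim_domain=""):
    """Return 'pass', or the policy a DMARC-honouring receiver applies."""
    tags = dict(p.strip().split("=", 1) for p in record.split(";") if "=" in p)
    org = org_domain(from_domain)
    spf_ok = spf == "pass" and org_domain(mailfrom_domain) == org
    dkim_ok = dkim == "pass" and org_domain(dkim_domain) == org
    if spf_ok or dkim_ok:                    # relaxed alignment, the default
        return "pass"
    policy = tags.get("p", "none")
    if from_domain.lower() != org:           # subdomain From: sp= overrides p=
        policy = tags.get("sp", policy)
    return policy

# Records from the page; 203.0.113.10 is a constructed stand-in for the masked ip4.
SPF_SOFT = "v=spf1 include:_spf.google.com ~all"
SPF_HARD = "v=spf1 include:_spf.google.com ip4:203.0.113.10 -all"
DMARC = "v=DMARC1; p=reject; sp=none; rf=afrf; pct=100; ri=86400"

if __name__ == "__main__":
    for rec in (SPF_SOFT, SPF_HARD):
        spf = spf_result(rec, "2.191.29.134")  # client-ip from the bounce
        print(spf, "->", dmarc_disposition(DMARC, "somedomain.ca", spf, "somedomain.ca"))
```

With `sp=none` in the record, a message whose From: uses a subdomain of `somedomain.ca` falls under the subdomain policy rather than `p=reject`.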