{"id":62101,"date":"2023-04-19T17:06:34","date_gmt":"2023-04-19T15:06:34","guid":{"rendered":"https:\/\/www.bestonline.cz\/?p=62101"},"modified":"2023-05-10T08:35:42","modified_gmt":"2023-05-10T06:35:42","slug":"jak-si-vyzadat-zasilani-dmarc-reportu","status":"publish","type":"post","link":"https:\/\/www.bestonline.cz\/jak-si-vyzadat-zasilani-dmarc-reportu\/","title":{"rendered":"Jak si vy\u017e\u00e1dat zas\u00edl\u00e1n\u00ed DMARC report\u016f"},"content":{"rendered":"\n

Co to je a pro\u010d je dobr\u00e9 takov\u00fd report m\u00edt?<\/strong><\/h2>\n\n\n\n

DMARC (Domain-based Message Authentication, Reporting, and Conformance) reporty jsou generov\u00e1ny a zas\u00edl\u00e1ny e-mailov\u00fdmi poskytovateli a slu\u017ebami, kter\u00e9 p\u0159ij\u00edmaj\u00ed e-maily z va\u0161\u00ed dom\u00e9ny. Kdy\u017e e-mailov\u00fd poskytovatel p\u0159ijme e-mail z va\u0161\u00ed dom\u00e9ny, zkontroluje DMARC politiku va\u0161\u00ed dom\u00e9ny a ov\u011b\u0159\u00ed, zda e-mail spl\u0148uje autentiza\u010dn\u00ed po\u017eadavky SPF a DKIM. Na z\u00e1klad\u011b v\u00fdsledk\u016f ov\u011b\u0159en\u00ed a nastaven\u00ed va\u0161\u00ed DMARC politiky pak e-mailov\u00fd poskytovatel rozhodne, jak nalo\u017eit s e-mailem.<\/p>\n\n\n\n

E-mailov\u00ed poskytovatel\u00e9, jako jsou Microsoft a Seznam, zas\u00edlaj\u00ed DMARC reporty na z\u00e1klad\u011b informac\u00ed, kter\u00e9 maj\u00ed o e-mailech z va\u0161\u00ed dom\u00e9ny. Tyto reporty obsahuj\u00ed informace o \u00fasp\u011b\u0161nosti autentizace e-mail\u016f, kter\u00e9 byly odesl\u00e1ny z va\u0161\u00ed dom\u00e9ny a doru\u010deny jejich u\u017eivatel\u016fm.<\/p>\n\n\n\n

Nen\u00ed zaru\u010deno, \u017ee ka\u017ed\u00fd e-mailov\u00fd poskytovatel nebo slu\u017eba bude zas\u00edlat DMARC reporty, ale mnoho velk\u00fdch poskytovatel\u016f, jako jsou Google, Microsoft, Yahoo, Seznam a dal\u0161\u00ed, tak \u010din\u00ed. Ka\u017ed\u00fd z t\u011bchto poskytovatel\u016f m\u00e1 sv\u00e9 vlastn\u00ed postupy pro generov\u00e1n\u00ed a zas\u00edl\u00e1n\u00ed DMARC report\u016f. Z toho d\u016fvodu m\u016f\u017eete obdr\u017eet reporty od r\u016fzn\u00fdch e-mailov\u00fdch poskytovatel\u016f, co\u017e v\u00e1m pom\u00e1h\u00e1 z\u00edskat ucelen\u011bj\u0161\u00ed p\u0159ehled o \u00fasp\u011b\u0161nosti autentizace e-mail\u016f z va\u0161\u00ed dom\u00e9ny.<\/p>\n\n\n\n

Co obsahuje report?<\/strong><\/h2>\n\n\n\n

Uk\u00e1zkov\u00fd report pro spole\u010dnosti Microsoft vypad\u00e1 n\u00e1sledovn\u011b:<\/p>\n\n\n\n

<?xml version=\"1.0\"?>\n<feedback xmlns:xsd=\"http:\/\/www.w3.org\/2001\/XMLSchema\" xmlns:xsi=\"http:\/\/www.w3.org\/2001\/XMLSchema-instance\">\n  <version>1.0<\/version>\n  <report_metadata>\n    <org_name>Enterprise Outlook<\/org_name>\n    <email>dmarcreport@microsoft.com<\/email>\n    <report_id>934e8ef4a7544ed99f4db5984f03a94e<\/report_id>\n    <date_range>\n      <begin>1681516800<\/begin>\n      <end>1681603200<\/end>\n    <\/date_range>\n  <\/report_metadata>\n  <policy_published>\n    <domain>bestonline.cz<\/domain>\n    <adkim>r<\/adkim>\n    <aspf>r<\/aspf>\n    <p>none<\/p>\n    <sp>reject<\/sp>\n    <pct>100<\/pct>\n    <fo>0<\/fo>\n  <\/policy_published>\n  <record>\n    <row>\n      <source_ip>185.178.175.48<\/source_ip>\n      <count>4<\/count>\n      <policy_evaluated>\n        <disposition>none<\/disposition>\n        <dkim>fail<\/dkim>\n        <spf>fail<\/spf>\n      <\/policy_evaluated>\n    <\/row>\n    <identifiers>\n      <envelope_to>alessykora.cz<\/envelope_to>\n      <envelope_from>innovative-www1.zcom.cz<\/envelope_from>\n      <header_from>bestonline.cz<\/header_from>\n    <\/identifiers>\n    <auth_results>\n      <spf>\n        <domain>innovative-www1.zcom.cz<\/domain>\n        <scope>mfrom<\/scope>\n        <result>none<\/result>\n      <\/spf>\n    <\/auth_results>\n  <\/record>\n<\/feedback>\n<\/code><\/pre>\n\n\n\n
Tento DMARC report z Microsoftu poskytuje informace o tom, jak byly e-maily odeslan\u00e9 z dom\u00e9ny bestonline.cz ov\u011b\u0159eny na z\u00e1klad\u011b DMARC politiky. <\/p>\n\n\n\n
Zde je p\u0159ehled informac\u00ed uveden\u00fdch v reportu:<\/p>\n\n\n\n
    \n
  1. Report_metadata<\/strong>: obsahuje informace o reportu, jako je n\u00e1zev organizace, e-mail, ID reportu a \u010dasov\u00fd rozsah, ve kter\u00e9m byly e-maily sledov\u00e1ny.<\/li>\n\n\n\n
  2. Policy_published<\/strong>: informace o DMARC politice va\u0161\u00ed dom\u00e9ny bestonline.cz. Nap\u0159\u00edklad:\n\n\n\n\n
      \n
    • adkim a aspf nastaveny na 'r' znamen\u00e1, \u017ee je pou\u017eit re\u017eim relaxace pro DKIM a SPF ov\u011b\u0159en\u00ed.<\/li>\n\n\n\n
    • p nastaveno na 'none' znamen\u00e1, \u017ee nebyla provedena \u017e\u00e1dn\u00e1 konkr\u00e9tn\u00ed akce, pokud do\u0161lo k selh\u00e1n\u00ed ov\u011b\u0159en\u00ed.<\/li>\n\n\n\n
    • sp nastaveno na 'reject' znamen\u00e1, \u017ee e-maily od subdom\u00e9n by m\u011bly b\u00fdt odm\u00edtnuty, pokud sel\u017eou ov\u011b\u0159en\u00ed DMARC.<\/li>\n\n\n\n
    • pct (procento) nastaveno na 100 znamen\u00e1, \u017ee DMARC politika se vztahuje na 100% e-mail\u016f z va\u0161\u00ed dom\u00e9ny.<\/li>\n\n\n\n
    • fo (forensic reporting) nastaveno na 0 znamen\u00e1, \u017ee nejsou generov\u00e1ny \u017e\u00e1dn\u00e9 podrobn\u00e9 zpr\u00e1vy o selh\u00e1n\u00edch.<\/li>\n<\/ul>\n\n\n\n
        \n
      • source_ip: IP adresa odes\u00edlatele e-mailu.<\/li>\n\n\n\n
      • count: po\u010det e-mail\u016f odeslan\u00fdch z dan\u00e9 IP adresy.<\/li>\n\n\n\n
      • policy_evaluated: v\u00fdsledek ov\u011b\u0159en\u00ed DKIM a SPF.<\/li>\n\n\n\n
      • dkim a spf: hodnoty 'fail' znamenaj\u00ed, \u017ee ov\u011b\u0159en\u00ed DKIM a SPF selhaly.<\/li>\n<\/ul>\n<\/li>\n\n\n\n
      • Record<\/strong>: obsahuje detaily o e-mailech, kter\u00e9 byly zaznamen\u00e1ny b\u011bhem \u010dasov\u00e9ho rozsahu reportu.<\/li>\n\n\n\n
      • Identifiers<\/strong>: informace o e-mailov\u00fdch adres\u00e1ch pou\u017eit\u00fdch v ob\u00e1lce a hlavi\u010dce e-mailu.\n
          \n
        • envelope_to: e-mailov\u00e1 adresa p\u0159\u00edjemce.<\/li>\n\n\n\n
        • envelope_from: e-mailov\u00e1 adresa odes\u00edlatele.<\/li>\n\n\n\n
        • header_from: adresa odes\u00edlatele uveden\u00e1 v hlavi\u010dce e-mailu.<\/li>\n<\/ul>\n<\/li>\n\n\n\n
        • Auth_results<\/strong>: v\u00fdsledky ov\u011b\u0159en\u00ed SPF.\n
            \n
          • domain: dom\u00e9na pou\u017eit\u00e1 pro ov\u011b\u0159en\u00ed SPF.<\/li>\n\n\n\n
          • scope: rozsah ov\u011b\u0159en\u00ed (mfrom = mail from).<\/li>\n\n\n\n
          • result: v\u00fdsledek ov\u011b\u0159en\u00ed SPF (none znamen\u00e1, \u017ee SPF nebylo ov\u011b\u0159eno).<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n
            Obdobn\u00fd report ze Seznamu:<\/p>\n\n\n\n
            <?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<feedback>\n    <version>1.0<\/version>\n    <report_metadata>\n        <org_name>seznam.cz a.s.<\/org_name>\n        <email>abuse@seznam.cz<\/email>\n        <report_id>szn_bestonline.cz-2023-04-17<\/report_id>\n        <date_range>\n            <begin>1681689600<\/begin>\n            <end>1681776000<\/end>\n        <\/date_range>\n    <\/report_metadata>\n    <policy_published>\n        <domain>bestonline.cz<\/domain>\n        <adkim>r<\/adkim>\n        <aspf>r<\/aspf>\n        <p>none<\/p>\n        <sp>reject<\/sp>\n        <pct>100<\/pct>\n        <fo>0<\/fo>\n    <\/policy_published>\n    <record>\n        <row>\n            <source_ip>2a01:111:f400:fe0c::62b<\/source_ip>\n            <count>1<\/count>\n            <policy_evaluated>\n                <disposition>none<\/disposition>\n                <dkim>pass<\/dkim>\n                <spf>pass<\/spf>\n            <\/policy_evaluated>\n        <\/row>\n        <identifiers>\n            <header_from>bestonline.cz<\/header_from>\n        <\/identifiers>\n        <auth_results>\n             <dkim>\n                <domain>bestonline.cz<\/domain>\n                <result>pass<\/result>\n                <selector>selector1<\/selector>\n            <\/dkim>\n             <spf>\n                <domain>bestonline.cz<\/domain>\n                <scope>mfrom<\/scope>\n                <result>pass<\/result>\n            <\/spf>\n        <\/auth_results>\n    <\/record><record>\n        <row>\n            <source_ip>2a01:111:f400:fe1a::631<\/source_ip>\n            <count>2<\/count>\n            <policy_evaluated>\n                <disposition>none<\/disposition>\n                <dkim>pass<\/dkim>\n                <spf>pass<\/spf>\n            <\/policy_evaluated>\n        <\/row>\n        <identifiers>\n            <header_from>bestonline.cz<\/header_from>\n        <\/identifiers>\n        <auth_results>\n             <dkim>\n                <domain>bestonline.cz<\/domain>\n                <result>pass<\/result>\n                <selector>selector1<\/selector>\n            <\/dkim>\n             <spf>\n                <domain>bestonline.cz<\/domain>\n                <scope>mfrom<\/scope>\n                <result>pass<\/result>\n            <\/spf>\n        <\/auth_results>\n    <\/record>\n<\/feedback>\n<\/code><\/pre>\n\n\n\n
            Tento report od Seznam.cz tedy ukazuje, \u017ee e-maily odeslan\u00e9 z t\u011bchto IP adres byly \u00fasp\u011b\u0161n\u011b ov\u011b\u0159eny pomoc\u00ed DKIM a SPF. To znamen\u00e1, \u017ee e-maily odeslan\u00e9 z t\u011bchto IP adres by m\u011bly b\u00fdt doru\u010deny p\u0159\u00edjemc\u016fm bez probl\u00e9m\u016f.<\/p>\n\n\n\n
            Je d\u016fle\u017eit\u00e9 sledovat reporty od r\u016fzn\u00fdch firem, proto\u017ee mohou poskytnout r\u016fzn\u00e9 pohledy na doru\u010ditelnost e-mail\u016f a pomoci v\u00e1m identifikovat potenci\u00e1ln\u00ed probl\u00e9my.<\/strong><\/p>\n\n\n\n
            Jak si nastavit, \u017ee chcete reporty z\u00edsk\u00e1vat?<\/h2>\n\n\n\n
            Jednodu\u0161e si ke sv\u00e9 dom\u00e9n\u011b p\u0159idejte n\u00e1sleduj\u00edc\u00ed DNS  z\u00e1znam:<\/p>\n\n\n\n
              \n
            • Hostname<\/em>: _dmarc.vasedomena.cz<\/strong><\/li>\n\n\n\n
            • TTL: ponechte va\u0161e standardn\u00ed jako u ostatn\u00edch z\u00e1znam\u016f<\/strong><\/li>\n\n\n\n
            • Typ<\/em>: txt<\/strong><\/li>\n\n\n\n
            • Hodnota<\/em>: v=DMARC1;p=none;rua=mailto:vasmail@vasedomena.cz;<\/strong>
              ruf=mailto:vasmail@vasedomena.cz;<\/strong>sp=reject;ri=84600<\/strong> (pi\u0161te bez mezer)<\/li>\n<\/ul>\n\n\n\n
              Vysv\u011btlen\u00ed:<\/p>\n\n\n\n
                \n
              • _dmarc.bestonline.cz<\/strong><\/code>: Tento n\u00e1zev z\u00e1znamu ukazuje, \u017ee se jedn\u00e1 o DMARC z\u00e1znam pro dom\u00e9nu bestonline.cz.<\/li>\n\n\n\n
              • 1800<\/strong><\/code>: Toto je TTL (Time to Live) z\u00e1znamu v sekund\u00e1ch, co\u017e znamen\u00e1, \u017ee DNS servery by m\u011bly uchov\u00e1vat tento z\u00e1znam v cache po dobu 1800 sekund (30 minut) p\u0159ed dal\u0161\u00edm dotazov\u00e1n\u00edm.<\/li>\n\n\n\n
              • TXT<\/strong><\/code>: Tento z\u00e1znam je ulo\u017een jako textov\u00fd (TXT) z\u00e1znam v DNS.<\/li>\n\n\n\n
              • v=DMARC1<\/strong><\/code>: Toto ozna\u010duje verzi DMARC protokolu, kter\u00fd je pou\u017eit (v tomto p\u0159\u00edpad\u011b verze 1).<\/li>\n\n\n\n
              • p=none<\/strong><\/code>: Tato \u010d\u00e1st z\u00e1znamu definuje politiku pro hlavn\u00ed dom\u00e9nu. Hodnota \"none\" znamen\u00e1, \u017ee e-maily, kter\u00e9 sel\u017eou v DMARC ov\u011b\u0159en\u00ed, nebudou zam\u00edtnuty ani karant\u00e9nov\u00e1ny, ale budou zpracov\u00e1ny jako obvykle. Tato volba je \u010dasto pou\u017e\u00edv\u00e1na pro monitorov\u00e1n\u00ed a sb\u011br dat p\u0159ed uplatn\u011bn\u00edm p\u0159\u00edsn\u011bj\u0161\u00ed politiky.<\/li>\n\n\n\n
              • rua=mailto<\/strong>:vasmail@vasedomena.cz<\/strong><\/code>:: Toto je adresa, na kterou maj\u00ed b\u00fdt zas\u00edl\u00e1ny DMARC agregovan\u00e9 reporty, kter\u00e9 poskytuj\u00ed informace o \u00fasp\u011b\u0161nosti autentizace e-mail\u016f.<\/li>\n\n\n\n
              • ruf=mailto<\/strong>:vasmail@vasedomena.cz<\/strong><\/code>: Toto je adresa, na kterou maj\u00ed b\u00fdt zas\u00edl\u00e1ny DMARC forenzn\u00ed reporty, kter\u00e9 poskytuj\u00ed podrobn\u011bj\u0161\u00ed informace o e-mailech, kter\u00e9 selhaly v DMARC ov\u011b\u0159en\u00ed.<\/li>\n\n\n\n
              • sp=reject<\/strong><\/code>: Tato \u010d\u00e1st z\u00e1znamu definuje politiku pro subdom\u00e9ny. Hodnota \"reject\" znamen\u00e1, \u017ee e-maily, kter\u00e9 sel\u017eou v DMARC ov\u011b\u0159en\u00ed a poch\u00e1zej\u00ed ze subdom\u00e9n, budou zam\u00edtnuty.<\/li>\n\n\n\n
              • ri=84600<\/strong><\/code>: Toto je interval reportov\u00e1n\u00ed v sekund\u00e1ch, kter\u00fd ur\u010duje, jak \u010dasto by m\u011bly b\u00fdt DMARC reporty generov\u00e1ny a odes\u00edl\u00e1ny. V tomto p\u0159\u00edpad\u011b je interval nastaven na 84600 sekund (23 hodin 30 minut). Abyste to nemuseli po\u010d\u00edtat, tak m\u011bs\u00ed\u010dn\u00ed report je ri=2592000 \ud83d\ude42<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"
                Co to je a pro\u010d je dobr\u00e9 takov\u00fd report m\u00edt? DMARC (Domain-based Message Authentication, Reporting, and Conformance) reporty jsou generov\u00e1ny a zas\u00edl\u00e1ny e-mailov\u00fdmi poskytovateli a slu\u017ebami, kter\u00e9 p\u0159ij\u00edmaj\u00ed e-maily z va\u0161\u00ed dom\u00e9ny. Kdy\u017e e-mailov\u00fd poskytovatel p\u0159ijme e-mail z va\u0161\u00ed dom\u00e9ny, zkontroluje DMARC politiku va\u0161\u00ed dom\u00e9ny a ov\u011b\u0159\u00ed, zda e-mail spl\u0148uje autentiza\u010dn\u00ed po\u017eadavky SPF a DKIM. […]<\/p>\n","protected":false},"author":10,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[1],"tags":[],"acf":[],"_links":{"self":[{"href":"https:\/\/www.bestonline.cz\/wp-json\/wp\/v2\/posts\/62101"}],"collection":[{"href":"https:\/\/www.bestonline.cz\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.bestonline.cz\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.bestonline.cz\/wp-json\/wp\/v2\/users\/10"}],"replies":[{"embeddable":true,"href":"https:\/\/www.bestonline.cz\/wp-json\/wp\/v2\/comments?post=62101"}],"version-history":[{"count":5,"href":"https:\/\/www.bestonline.cz\/wp-json\/wp\/v2\/posts\/62101\/revisions"}],"predecessor-version":[{"id":62139,"href":"https:\/\/www.bestonline.cz\/wp-json\/wp\/v2\/posts\/62101\/revisions\/62139"}],"wp:attachment":[{"href":"https:\/\/www.bestonline.cz\/wp-json\/wp\/v2\/media?parent=62101"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.bestonline.cz\/wp-json\/wp\/v2\/categories?post=62101"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.bestonline.cz\/wp-json\/wp\/v2\/tags?post=62101"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}