识破“钓鱼”伪装 邮箱防骗策略详解 - 爱码网
Security-X

 

作者

作者|Feei(止介):蚂蚁金服负责安全架构工作,任高级安全专家,原美丽联合集团信息安全总监, Cobra作者,擅长解决方案产品化和项目管理,同时也是一名安全工程师,专注于自动化安全发现与防御,擅长安全架构设计、安全产品解决方案并产品化。

 

1 邮件伪造实践

 

1.1 邮件伪造原理

 

SMTP协议本身不校验发件人,邮件头里的From是可以随便填写的,这一点多见于各种邮件钓鱼。

 

1.2 常见钓鱼邮件

冒充Apple官方,让你登录Apple ID,从而盗取你的苹果账号,一般手机丢失后容易收到此类邮件,用来骗取你的账号密码从而解锁iPhone。

冒充老板、同事,索要通讯录、让你点击链接修改密码、索要其它信息等。

 

冒充各种服务商,让你点击链接骗取账号密码。

 

钓鱼邮件手法多种多样,但万变不离其宗,本质上是希望你能:

  • 打开邮件:不要以为就打开邮件不做其它操作就没风险,打开的这一步可能就触发邮件内的图片等资源加载,对方就能知道你打开的时间和IP等信息,另外也有一些针对邮件服务商的漏洞,打开后也会触发。
  • 回复邮件:往往冒充各种人,比如你的老板、同事甚至政府机关等以各种名义让你提供账号密码或个人信息等。
  • 点击链接:会跳到恶意网站,通过一些漏洞使你电脑执行特定程序。
  • 下载附件:附件可能是个文档或者图标,点击后就会触发可执行程序。

目的也各不相同:

  • 加密电脑所有有用文件并勒索;
  • 控制电脑作为肉鸡用来攻击或浏览广告;
  • 恶作剧,删除所有文件,强制死机等;

1.3 邮件伪造实践

我们以马化腾邮箱的名义给自己发一封邮件,只需改动SMTP里的From即可。

在腾讯企业邮箱邮件列表页中没有任何异常。

 

在腾讯企业邮箱邮件详情中会提示**真实发送地址和宣称的发件人地址不一致**,并显示了真实的发送地址。

 

 

在macOS的Mail客户端中无任何异常。

 

 

在微信小程序的腾讯企业邮箱中无任何异常。

 

 

1.4 邮件伪造代码

# -*- coding: utf-8 -*-

"""
    fake-mail
    ~~~~~~~~~

    伪造发件人发送邮件

    :author:    Feei <feei@feei.cn>
    :homepage:  https://github.com/FeeiCN/Mail-Checker
    :license:   GPL, see LICENSE for more details.
    :copyright: Copyright (c) 2015 Feei. All rights reserved
"""
import smtplib
import traceback
from smtplib import SMTPException
from email.mime.text import MIMEText
from email.mime.multipart import MIMEMultipart

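# SMTP submission settings for the account that actually logs in and sends.
host = 'smtp.exmail.qq.com'
# Integer port, as smtplib documents it; mail() upgrades the session with STARTTLS.
port = 25
username = 'feei@feei.cn'
# Placeholder only: supply the real password at run time and never commit it.
password = '配置好腾讯邮箱密码'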

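def mail(subject, to, html, fake_name, fake_mail):
    """
    Send an HTML mail whose displayed sender differs from the sending account.

    Only the ``From`` header is built from ``fake_name``/``fake_mail``. The SMTP
    envelope sender handed to ``sendmail`` is still the module-level ``username``,
    so a receiver that compares the header with the envelope can see the mismatch.

    :param subject: subject line
    :param to: recipient address, or several addresses separated by commas
    :param html: message body, attached as a UTF-8 ``text/html`` part
    :param fake_name: display name written into the ``From`` header
    :param fake_mail: address written into the ``From`` header
    :return: True when the server accepted the message, False when an
        SMTPException was raised; other errors (socket, TLS) propagate
    """
    # Local import keeps this function self-contained.
    import ssl

    msg = MIMEMultipart()
    msg['Subject'] = subject
    msg['From'] = '{0} <{1}>'.format(fake_name, fake_mail)
    # Several recipients may be passed as one comma-separated string.
    msg['To'] = to
    msg.attach(MIMEText(html, 'html', 'utf-8'))

    try:
        # The context manager closes the connection even if login or sending
        # fails; the original leaked the socket on those paths.
        with smtplib.SMTP(host, port) as s:
            s.ehlo()
            # Verify the server certificate before the password is sent;
            # starttls() without a context does not validate it.
            s.starttls(context=ssl.create_default_context())
            s.ehlo()
            s.login(username, password)
            s.sendmail(username, to.split(','), msg.as_string())
        return True
    except SMTPException:
        print('Send mail failed')
        traceback.print_exc()
        return False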


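# Demonstration call from the article: the message is submitted through the
# authenticated account while the From header shows another name and address.
# The call sits outside `assert` so it is not stripped under `python -O`.
sent = mail('Test by @Feei', 'zhijie@meili-inc.com', 'Fake Mail Content', '马化腾', 'tony@tencent.com')
assert sent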

  

2 邮件伪造防范

2.1 限制来信地址(SPF)

发件人策略框架(SPF),简单理解就是告诉所有的邮件服务器收到我这个域名发送的邮件时,以我告诉你的IP地址为准,不是我们IP地址的都算作伪造。

SPF原理

通过给发件域名配置一个TXT类型DNS记录,当其它的邮件服务器收到声称来自我们域名的邮件时,会查询该域名(SMTP信封发件人MAIL FROM里的域名,而不是邮件头里的From)的TXT记录中是否存在SPF记录,如果存在则会获取SPF标记的IP,拿到IP和实际发件IP比对,从而判断是否伪造。因此只伪造邮件头From、信封发件人仍是真实域名的邮件,仅靠SPF是拦不住的。

腾讯企业邮箱的SPF记录

# 查询qq.com根域名的TXT类型的DNS记录
# 解析到了spf.mail.qq.com域名上
➜  ~ dig -t txt qq.com

; <<>> DiG 9.10.6 <<>> -t txt qq.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20179
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;qq.com.                IN  TXT

;; ANSWER SECTION:
qq.com.         1388    IN  TXT "v=spf1 include:spf.mail.qq.com -all"

;; Query time: 26 msec
;; MSG SIZE  rcvd: 83

# 查询spf.mail.qq.com的TXT记录
# 解析到了spf-a.mail.qq.com等多个域名上
➜  ~ dig -t txt spf.mail.qq.com

; <<>> DiG 9.10.6 <<>> -t txt spf.mail.qq.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8072
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;spf.mail.qq.com.       IN  TXT

;; ANSWER SECTION:
spf.mail.qq.com.    6423    IN  TXT "v=spf1 include:spf-a.mail.qq.com include:spf-b.mail.qq.com include:spf-c.mail.qq.com include:spf-d.mail.qq.com include:spf-e.mail.qq.com include:spf-f.mail.qq.com -all"

;; Query time: 15 msec
;; MSG SIZE  rcvd: 224

# 查询spf-a.mail.qq.com的TXT记录
# 显示的是最终的IP地址段
➜  ~ dig -t txt spf-a.mail.qq.com

; <<>> DiG 9.10.6 <<>> -t txt spf-a.mail.qq.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50079
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;spf-a.mail.qq.com.     IN  TXT

;; ANSWER SECTION:
spf-a.mail.qq.com.  598 IN  TXT "v=spf1 ip4:103.7.28.0/24 ip4:103.7.29.0/24 ip4:112.90.139.0/24 ip4:113.108.23.0/24 ip4:113.108.11.0/24 ip4:119.147.193.0/24 ip4:119.147.194.0/24 ip4:59.78.209.0/24 ip4:113.96.223.0/24 ip4:183.3.226.0/24 ip4:183.3.255.0/24 ip4:59.36.132.0/24 -all"

;; Query time: 38 msec
;; MSG SIZE  rcvd: 304

 

也就是所有QQ邮箱发出去的邮件,比如网易邮箱收到时会去查询QQ的SPF设置并捞取所有信任IP,根据邮件发件人和信任IP比对来判断是否为伪造邮件。

SPF配置

在域名DNS服务商里面配置**根域名(@)的**TXT记录,**TTL**保留默认或3600,以feei.cn(使用的腾讯企业邮箱)的TXT记录为例。

 

也就是所有QQ邮箱发出去的邮件,比如网易邮箱收到时会去查询QQ的SPF设置并捞取所有信任IP,根据邮件发件人和信任IP比对来判断是否为伪造邮件。

SPF配置
在域名DNS服务商里面配置**根域名(@)的**TXT记录,**TTL**保留默认或3600,以feei.cn(使用的腾讯企业邮箱)的TXT记录为例。

 

  • v=spf1代表为SPF1版本。
  • include:spf.mail.qq.com表示使用spf.mail.qq.com的TXT记录作为信任IP。
  • -all表示除开之前配置的信任IP外,其它所有的都拒绝接收。

  • 每条内容以空格作为分隔

  • 每个修饰符只能出现一次

 

限定符

  • +表示通过,指定允许发送的主机
  • -表示失败,指定拒绝发送的主机
  • ~表示软失败,发送主机未被授权,但邮件通常仍会被接收并标记起来
  • ?中性,不确定

all/include描述

  • all一般放在末尾,表示始终匹配
  • include表示多层嵌套

ip4/ip6描述符

  • ip4:ip,比如ip4:1.1.1.1
  • ip4:IP段,比如ip4:1.1.1.1/24
  • ip6:ip,比如ip6:1080::8:800:68.0.3.1/96

a/mx描述符

  • 默认域名的A记录,比如v=spf1 a -all
  • 指定域名的A记录,比如v=spf1 a:feei.cn -all
  • 按照MX记录的优先级,比如v=spf1 mx mx:feei.cn -all

详细的查看官方文档SPF语法

SPF例子

# 域名不会发送邮件
"v=spf1 -all"

# 认为SPF无用或无关紧要(+all允许任何主机以该域名发信,等于没有保护)
"v=spf1 +all"

# 只允许1.1.1.1发出来的邮件
"v=spf1 ip4:1.1.1.1 -all"

# 只允许腾讯企业邮箱发出来的邮件(引用域名要用include,ip4后面只能写IP或IP段)
"v=spf1 include:spf.mail.qq.com -all"

  

SPF枚举邮件服务器地址

根据SPF特性,可以通过递归解析include的方式枚举出某个企业在SPF中授权发信的全部IP地址和IP段,可用来核对自己域名的SPF里是否有多余或已经过期的地址。

# -*- coding: utf-8 -*-

"""
    SPF
    ~~~

    SPF信任IP枚举

    spf = SPF()
    spf.spf('qq.com')
    print(spf.root)
    print(spf.ip_segments)
    print(spf.included_domains)
    print(spf.ips)

    :author:    Feei <feei@feei.cn>
    :homepage:  https://github.com/FeeiCN/Mail-Checker
    :license:   GPL, see LICENSE for more details.
    :copyright: Copyright (c) 2015 Feei. All rights reserved
"""
import re
import dns.resolver


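class SPF(object):
    """Recursively collect the ``ip4`` entries a domain publishes in its SPF record.

    Results accumulate on the instance across calls:

    * ``ips``              -- single IPv4 addresses (``ip4:`` value without ``/``)
    * ``ip_segments``      -- IPv4 CIDR ranges (``ip4:`` value containing ``/``)
    * ``included_domains`` -- every ``include:`` target seen, without duplicates
    * ``root``             -- one dict per ``ip4`` entry with the keys
      ``domain``, ``ip`` and ``ip_segment``

    Only ``ip4:`` and ``include:`` terms are interpreted; ``ip6``, ``a``, ``mx``
    and ``redirect`` are ignored, so the result can be a subset of what the
    record actually authorises.

    SPF records are data controlled by whoever runs the queried zone, so they
    are treated as untrusted: include loops are broken with a visited set
    instead of recursing until the interpreter gives up.
    """

    def __init__(self):
        self.ips = []
        self.included_domains = []
        self.ip_segments = []
        self.root = []
        # Normalised names of every domain already expanded (or being expanded).
        # Includes the starting domain, which ``included_domains`` never did, so
        # a record that includes its own parent can no longer recurse forever.
        self._visited = set()

    @staticmethod
    def _normalize(domain):
        """Return ``domain`` lower-cased and without a trailing dot, for comparison only."""
        return domain.rstrip('.').lower()

    def spf(self, domain):
        """Query the TXT records of ``domain`` and parse each SPF version 1 record.

        DNS errors raised by dnspython (missing name, no TXT answer, timeout)
        are not caught here and propagate to the caller.
        """
        # dnspython 2.x renamed query() to resolve() and deprecated the old name;
        # fall back to query() so older installations keep working.
        resolve = getattr(dns.resolver, 'resolve', None) or dns.resolver.query
        for rdata in resolve(domain, 'TXT'):
            # A long record is published as several quoted strings that must be
            # concatenated without a separator. Stripping the outer quotes of
            # to_text() would leave '" "' inside the record and split an entry.
            chunks = [
                chunk.decode('utf-8', 'replace') if isinstance(chunk, bytes) else chunk
                for chunk in rdata.strings
            ]
            record = ''.join(chunks).strip()
            # Require exactly "v=spf1" so other TXT records starting with
            # "v=spf" (for example "v=spf2.0/...") are not parsed as SPF.
            if re.match(r'v=spf1(\s|$)', record, re.IGNORECASE):
                self.parse_spf(domain, record)

    def parse_spf(self, domain, record):
        """Record the ``ip4`` entries of ``record`` and follow its ``include`` targets.

        :param domain: name the record was published under; stored in ``root``.
        :param record: SPF record text without the surrounding quotes.
        """
        self._visited.add(self._normalize(domain))
        # split() without an argument tolerates tabs and repeated spaces.
        for item in record.split():
            lowered = item.lower()  # mechanism names are case-insensitive
            if lowered.startswith('ip4:'):
                ip = item[4:]
                if not ip:
                    continue
                is_ip_segment = '/' in ip
                if is_ip_segment:
                    self.ip_segments.append(ip)
                else:
                    self.ips.append(ip)
                self.root.append({"domain": domain, "ip": ip, "ip_segment": is_ip_segment})
            elif lowered.startswith('include:'):
                include = item[8:]
                if not include:
                    continue
                key = self._normalize(include)
                # Mark the target before descending so that a loop
                # (a includes b, b includes a) stops at the second visit.
                if key not in self._visited:
                    self._visited.add(key)
                    self.spf(include)
                # Appended after the recursion, as before, so nested includes
                # are listed ahead of the record that referenced them.
                if include not in self.included_domains:
                    self.included_domains.append(include)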


# Demo run against qq.com; this performs live DNS TXT lookups.
spf = SPF()
spf.spf('qq.com')
# Printed in order: per-entry structure, single IPs, IP segments, included domains.
for collected in (spf.root, spf.ips, spf.ip_segments, spf.included_domains):
    print(collected)

  

[{'domain': 'spf-a.mail.qq.com', 'ip': '103.7.28.0/24', 'ip_segment': True}, {'domain': 'spf-a.mail.qq.com', 'ip': '103.7.29.0/24', 'ip_segment': True}, {'domain': 'spf-a.mail.qq.com', 'ip': '112.90.139.0/24', 'ip_segment': True}, {'domain': 'spf-a.mail.qq.com', 'ip': '113.108.23.0/24', 'ip_segment': True}, {'domain': 'spf-a.mail.qq.com', 'ip': '113.108.11.0/24', 'ip_segment': True}, {'domain': 'spf-a.mail.qq.com', 'ip': '119.147.193.0/24', 'ip_segment': True}, {'domain': 'spf-a.mail.qq.com', 'ip': '119.147.194.0/24', 'ip_segment': True}, {'domain': 'spf-a.mail.qq.com', 'ip': '59.78.209.0/24', 'ip_segment': True}, {'domain': 'spf-a.mail.qq.com', 'ip': '113.96.223.0/24', 'ip_segment': True}, {'domain': 'spf-a.mail.qq.com', 'ip': '183.3.226.0/24', 'ip_segment': True}, {'domain': 'spf-a.mail.qq.com', 'ip': '183.3.255.0/24', 'ip_segment': True}, {'domain': 'spf-a.mail.qq.com', 'ip': '59.36.132.0/24', 'ip_segment': True}, {'domain': 'spf-b.mail.qq.com', 'ip': '14.17.32.0/24', 'ip_segment': True}, {'domain': 'spf-b.mail.qq.com', 'ip': '14.17.43.0/24', 'ip_segment': True}, {'domain': 'spf-b.mail.qq.com', 'ip': '14.17.44.0/24', 'ip_segment': True}, {'domain': 'spf-b.mail.qq.com', 'ip': '14.17.21.0/24', 'ip_segment': True}, {'domain': 'spf-b.mail.qq.com', 'ip': '183.60.52.0/24', 'ip_segment': True}, {'domain': 'spf-b.mail.qq.com', 'ip': '183.60.61.0/24', 'ip_segment': True}, {'domain': 'spf-b.mail.qq.com', 'ip': '183.60.8.0/24', 'ip_segment': True}, {'domain': 'spf-b.mail.qq.com', 'ip': '183.62.104.0/24', 'ip_segment': True}, {'domain': 'spf-b.mail.qq.com', 'ip': '184.105.206.0/24', 'ip_segment': True}, {'domain': 'spf-b.mail.qq.com', 'ip': '184.105.67.0/24', 'ip_segment': True}, {'domain': 'spf-b.mail.qq.com', 'ip': '203.205.160.0/24', 'ip_segment': True}, {'domain': 'spf-b.mail.qq.com', 'ip': '58.250.132.0/24', 'ip_segment': True}, {'domain': 'spf-c.mail.qq.com', 'ip': '54.179.177.0/24', 'ip_segment': True}, {'domain': 'spf-c.mail.qq.com', 'ip': '183.57.50.0/24', 
'ip_segment': True}, {'domain': 'spf-c.mail.qq.com', 'ip': '59.37.110.0/24', 'ip_segment': True}, {'domain': 'spf-c.mail.qq.com', 'ip': '54.204.34.0/24', 'ip_segment': True}, {'domain': 'spf-c.mail.qq.com', 'ip': '54.206.16.0/24', 'ip_segment': True}, {'domain': 'spf-c.mail.qq.com', 'ip': '54.206.34.0/24', 'ip_segment': True}, {'domain': 'spf-c.mail.qq.com', 'ip': '54.207.19.0/24', 'ip_segment': True}, {'domain': 'spf-c.mail.qq.com', 'ip': '54.207.22.0/24', 'ip_segment': True}, {'domain': 'spf-c.mail.qq.com', 'ip': '54.238.142.0/24', 'ip_segment': True}, {'domain': 'spf-c.mail.qq.com', 'ip': '54.238.162.0/24', 'ip_segment': True}, {'domain': 'spf-c.mail.qq.com', 'ip': '54.243.244.0/24', 'ip_segment': True}, {'domain': 'spf-c.mail.qq.com', 'ip': '58.251.149.0/24', 'ip_segment': True}, {'domain': 'spf-d.mail.qq.com', 'ip': '58.250.134.0/24', 'ip_segment': True}, {'domain': 'spf-d.mail.qq.com', 'ip': '54.254.200.0/24', 'ip_segment': True}, {'domain': 'spf-d.mail.qq.com', 'ip': '54.92.39.0/24', 'ip_segment': True}, {'domain': 'spf-d.mail.qq.com', 'ip': '103.7.31.0/24', 'ip_segment': True}, {'domain': 'spf-d.mail.qq.com', 'ip': '14.17.18.0/24', 'ip_segment': True}, {'domain': 'spf-d.mail.qq.com', 'ip': '112.90.142.0/24', 'ip_segment': True}, {'domain': 'spf-d.mail.qq.com', 'ip': '113.108.91.0/24', 'ip_segment': True}, {'domain': 'spf-d.mail.qq.com', 'ip': '119.147.14.0/24', 'ip_segment': True}, {'domain': 'spf-d.mail.qq.com', 'ip': '180.153.3.0/24', 'ip_segment': True}, {'domain': 'spf-d.mail.qq.com', 'ip': '183.60.60.0/24', 'ip_segment': True}, {'domain': 'spf-d.mail.qq.com', 'ip': '183.62.126.0/24', 'ip_segment': True}, {'domain': 'spf-d.mail.qq.com', 'ip': '211.139.188.0/24', 'ip_segment': True}, {'domain': 'spf-e.mail.qq.com', 'ip': '203.205.176.0/24', 'ip_segment': True}, {'domain': 'spf-e.mail.qq.com', 'ip': '14.215.153.0/24', 'ip_segment': True}, {'domain': 'spf-e.mail.qq.com', 'ip': '14.215.154.0/24', 'ip_segment': True}, {'domain': 'spf-e.mail.qq.com', 'ip': 
'14.215.155.0/24', 'ip_segment': True}, {'domain': 'spf-e.mail.qq.com', 'ip': '183.61.51.0/24', 'ip_segment': True}, {'domain': 'spf-e.mail.qq.com', 'ip': '183.61.52.0/24', 'ip_segment': True}, {'domain': 'spf-e.mail.qq.com', 'ip': '163.177.87.0/24', 'ip_segment': True}, {'domain': 'spf-e.mail.qq.com', 'ip': '220.249.245.0/24', 'ip_segment': True}, {'domain': 'spf-e.mail.qq.com', 'ip': '52.59.177.0/24', 'ip_segment': True}, {'domain': 'spf-e.mail.qq.com', 'ip': '18.194.254.0/24', 'ip_segment': True}, {'domain': 'spf-f.mail.qq.com', 'ip': '180.163.24.128/25', 'ip_segment': True}, {'domain': 'spf-f.mail.qq.com', 'ip': '121.51.40.128/25', 'ip_segment': True}, {'domain': 'spf-f.mail.qq.com', 'ip': '58.246.222.128/25', 'ip_segment': True}, {'domain': 'spf-f.mail.qq.com', 'ip': '58.250.143.128/25', 'ip_segment': True}, {'domain': 'spf-f.mail.qq.com', 'ip': '121.51.6.0/25', 'ip_segment': True}, {'domain': 'spf-f.mail.qq.com', 'ip': '183.2.187.0/25', 'ip_segment': True}, {'domain': 'spf-f.mail.qq.com', 'ip': '203.205.140.128/25', 'ip_segment': True}, {'domain': 'spf-f.mail.qq.com', 'ip': '203.205.210.0/25', 'ip_segment': True}, {'domain': 'spf-f.mail.qq.com', 'ip': '203.205.146.128/25', 'ip_segment': True}]
[]
['103.7.28.0/24', '103.7.29.0/24', '112.90.139.0/24', '113.108.23.0/24', '113.108.11.0/24', '119.147.193.0/24', '119.147.194.0/24', '59.78.209.0/24', '113.96.223.0/24', '183.3.226.0/24', '183.3.255.0/24', '59.36.132.0/24', '14.17.32.0/24', '14.17.43.0/24', '14.17.44.0/24', '14.17.21.0/24', '183.60.52.0/24', '183.60.61.0/24', '183.60.8.0/24', '183.62.104.0/24', '184.105.206.0/24', '184.105.67.0/24', '203.205.160.0/24', '58.250.132.0/24', '54.179.177.0/24', '183.57.50.0/24', '59.37.110.0/24', '54.204.34.0/24', '54.206.16.0/24', '54.206.34.0/24', '54.207.19.0/24', '54.207.22.0/24', '54.238.142.0/24', '54.238.162.0/24', '54.243.244.0/24', '58.251.149.0/24', '58.250.134.0/24', '54.254.200.0/24', '54.92.39.0/24', '103.7.31.0/24', '14.17.18.0/24', '112.90.142.0/24', '113.108.91.0/24', '119.147.14.0/24', '180.153.3.0/24', '183.60.60.0/24', '183.62.126.0/24', '211.139.188.0/24', '203.205.176.0/24', '14.215.153.0/24', '14.215.154.0/24', '14.215.155.0/24', '183.61.51.0/24', '183.61.52.0/24', '163.177.87.0/24', '220.249.245.0/24', '52.59.177.0/24', '18.194.254.0/24', '180.163.24.128/25', '121.51.40.128/25', '58.246.222.128/25', '58.250.143.128/25', '121.51.6.0/25', '183.2.187.0/25', '203.205.140.128/25', '203.205.210.0/25', '203.205.146.128/25']
['spf-a.mail.qq.com', 'spf-b.mail.qq.com', 'spf-c.mail.qq.com', 'spf-d.mail.qq.com', 'spf-e.mail.qq.com', 'spf-f.mail.qq.com', 'spf.mail.qq.com']

2.2 防止邮件内容篡改(DKIM)

DKIM作用

使用域名密钥识别邮件 (DKIM) 标准有助于防止向外发送的邮件遭到假冒,包括邮件内容遭到更改、使邮件显示为非真实来源的发件人或发件地址,这些都是对邮件未授权利用的常见手法。

DKIM原理

使用DKIM时,发信服务器会用域名的私钥为所有外发邮件生成数字签名并添加到邮件Header中,收到此类邮件的邮件服务器会从该域名的DNS记录中取得公钥来校验这个签名,从而验证邮件发送后是否遭到篡改。DKIM只做签名校验,并不会对邮件内容加密。

DKIM使用

  • 为域名生成密钥
  • 向域名DNS记录增加公钥,以便于其它邮件服务器使用此密钥读取邮件Header中DKIM
  • 开启DKIM功能,以便于将DKIM签名添加到所有发送的邮件Header中

国内的腾讯企业邮箱和网易企业邮箱都不支持DKIM。

2.3 处理可疑邮件(DMARC)

DMARC(Domain-based Message Authentication, Reporting & Conformance)是一种基于现有的SPF和DKIM协议的可扩展电子邮件认证协议,邮件收发双方建立了邮件反馈机制,便于邮件发送方和邮件接收方共同对域名的管理进行完善和监督。对于未通过前述检查的邮件,接收方则按照发送方指定的策略进行处理,如直接投入垃圾箱或拒收。从而有效识别并拦截欺诈邮件和钓鱼邮件,保障用户个人信息安全。

简单讲就是不像之前SPF的管控策略那样只能拦截或通过,而是可以有更多的处理方式,比如扔进垃圾箱,甚至将这些邮件转发给我们。

DMARC配置

检查一个网站的DMARC配置可以查看_dmarc.domain.com的TXT记录,比如qq.com的DMARC记录。

➜  ~ dig -t txt _dmarc.qq.com

; <<>> DiG 9.10.6 <<>> -t txt _dmarc.qq.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 225
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;_dmarc.qq.com.         IN  TXT

;; ANSWER SECTION:
_dmarc.qq.com.      3610    IN  TXT "v=DMARC1; p=none; rua=mailto:mailauth-reports@qq.com"

;; Query time: 189 msec
;; MSG SIZE  rcvd: 107

qq.com的DMARC配置为例:

v=DMARC1; p=none; rua=mailto:mailauth-reports@qq.com

 

  • v=DMARC1表示使用的是DMARC1版本,必须放在最前面
  • p表示邮件处理策略
  • none表示不采取特定策略,初期观察建议采用此模式
  • quarantine表示邮件接收者将邮件标记为可疑的
  • reject表示邮件接收者拒收该邮件
  • rua表示将一段时间的汇总报告反馈的邮件地址,可用逗号分隔
  • ruf表示当检测到伪造邮件时将伪造信息的报告反馈的邮件地址,可用逗号分隔

详细语法介绍见DMARC文档

例如我希望为我的域名feei.cn配置DMARC,则在我的DNS服务商管理后台增加一条DNS记录:HOST为_dmarc,类型为TXT,值为v=DMARC1; p=none; rua=mailto:mail-report@feei.cn。配置DMARC的前提是必须已经配置过SPF。

DMARC例子

# 检测到伪造邮件时不做任何特殊处理,将伪造邮件报告给我
v=DMARC1; p=none; ruf=mailto:mail-report@feei.cn

# 检测到伪造邮件时标记为可疑邮件,将伪造的邮件报告给我
v=DMARC1; p=quarantine; ruf=mailto:mail-report@feei.cn

# 检测到伪造邮件时拒绝接受该邮件,将伪造的邮件报告给我,并将一段时间内的汇总报告给我
v=DMARC1; p=reject; ruf=mailto:mail-report@feei.cn; rua=mailto:mail-report@feei.cn

2.4 IP的反向解析地址(PTR)

PTR(Pointer Record)是将IP解析到域名上,常见的域名解析到IP是通过A(IPv4)或AAAA(IPv6)进行的,可以简单理解为IP的反向域名解析,常用于提升邮箱的发信信誉从而提高到达率。

查询IP的PTR可以通过dig -x ip,比如查看8.8.8.8的PTR记录为google-public-dns-a.google.com.

 

➜  ~ dig -x 8.8.8.8

; <<>> DiG 9.10.6 <<>> -x 8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1999
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;8.8.8.8.in-addr.arpa.      IN  PTR

;; ANSWER SECTION:
8.8.8.8.in-addr.arpa.   75474   IN  PTR google-public-dns-a.google.com.

;; Query time: 91 msec
;; MSG SIZE  rcvd: 93

 

PTR配置

PTR的配置无法在DNS服务商配置,因为IP的归属是运营商(ISP),因此如果是买的云主机需要向运营商提交申请进行配置解析。

3 邮件安全建议

3.1 自身加固

  • 强制开启登录二次验证(扫码、短信、Google Auth)
  • 关闭企业邮箱中的组织架构信息
  • 去掉企业邮箱中的除姓名、邮箱地址外其它的信息(手机号、职位、部门等)
  • 发送营销邮件时使用二级域名,比如reply@event.feei.cn,当被封禁时不会影响其他业务

3.2 安全意识

  • 勿打开未知人员发送的邮件,尤其是邮件附件
  • 不要回复任何要求提供账号密码或个人信息的邮件
  • 发送敏感数据应进行加密
  • 勿使用公司邮箱作为个人用途
  • 公司邮箱邮件勿转发到个人邮箱中
  • 浏览器中使用HTTPS访问邮箱,客户端中使用SSL/TLS访问邮箱

 
