DMARC Basics
      Back to home
      1. Help Center
      2. DMARC Basics

      DMARC, SPF, and DKIM Alignment

      Understanding Alignment to achieve DMARC, DKIM or SPF Authentication

      What is email alignment?

      Email alignment is the process of ensuring that the domains and identifiers used in an email message match the domains and identifiers that are authorized to send email on behalf of the sender. Email alignment is important for preventing spoofing, phishing, and spam, as well as for improving the deliverability and reputation of legitimate email senders.

      There are three main standards for email alignment: DMARC, SPF, and DKIM. Each of these standards has a different purpose and method of verifying the authenticity of an email message. In this document, we will explain what each of these standards does, how they work, and how to implement them on your domain.

      What is DMARC alignment?

      DMARC alignment is the requirement that the domains used in SPF and DKIM match the domain in the From header of the message. This ensures that the sender's identity is consistent and clear to the receiver and the recipient. DMARC alignment can be either strict or relaxed, depending on the level of similarity between the domains.

      Strict alignment means that the domains must be exactly the same, including the subdomains. For example, if the From header contains user@example.com, then the SPF and DKIM domains must also be example.com.

      Relaxed alignment means that the domains must share the same organizational domain, but can have different subdomains. For example, if the From header contains user@example.com, then the SPF and DKIM domains can be any subdomain of example.com, such as mail.example.com or marketing.example.com.

      The DMARC record can specify the alignment mode for SPF and DKIM separately, using the aspf and adkim tags. The default mode is relaxed for both SPF and DKIM.

      What is SPF alignment?

      SPF alignment is the requirement that the domain used in the SPF verification matches the domain in the From header of the message. This ensures that the sender's identity is consistent and clear to the receiver and the recipient. SPF alignment can be either strict or relaxed, depending on the level of similarity between the domains.

      Strict alignment means that the domains must be exactly the same, including the subdomains. For example, if the From header contains user@example.com, then the SPF domain must also be example.com.

      Relaxed alignment means that the domains must share the same organizational domain, but can have different subdomains. For example, if the From header contains user@example.com, then the SPF domain can be any subdomain of example.com, such as mail.example.com or marketing.example.com.

      The DMARC record can specify the alignment mode for SPF using the aspf tag. The default mode is relaxed.

      What is DKIM alignment?

      DKIM alignment is the requirement that the domain used in the DKIM verification matches the domain in the From header of the message. This ensures that the sender's identity is consistent and clear to the receiver and the recipient. DKIM alignment can be either strict or relaxed, depending on the level of similarity between the domains.

      Strict alignment means that the domains must be exactly the same, including the subdomains. For example, if the From header contains user@example.com, then the DKIM domain must also be example.com.

      Relaxed alignment means that the domains must share the same organizational domain, but can have different subdomains. For example, if the From header contains user@example.com, then the DKIM domain can be any subdomain of example.com, such as mail.example.com or marketing.example.com.

      The DMARC record can specify the alignment mode for DKIM using the adkim tag. The default mode is relaxed.

      Why is Alignment important for DMARC?

      Alignment is important for DMARC because it ensures that the email sender is consistent and authentic across different authentication methods. DMARC uses both SPF and DKIM to verify the identity of the sender, but they operate on different parts of the email message. SPF checks the envelope sender, which is the address used during SMTP transmission, while DKIM checks the header sender, which is the address displayed to the recipient. Alignment ensures that these two addresses match or share the same domain, so that the recipient can trust that the email comes from the legitimate sender and not a spoofed or fraudulent one. Alignment also helps prevent domain-based phishing attacks, where attackers use a similar-looking domain to trick recipients into opening malicious emails.

      Need Help?

      support@sendmarc.com is standing by to assist!