DMARC Identifier Alignment

DMARC Identifier Alignment

Identifier alignment forces the domains authenticated by SPF and DKIM to have a relationship to the “header From” domain. Email end users check the from the field in their email clients to tell where an email comes from, SPF doesn’t authenticate the field, neither does DKIM. This means “what you see might not be what’s been authenticated”. That’s why the identifier alignment mechanism is introduced in DMARC.

The header from the domain and mail from the domain are two different terms. At first, it seems to be the same thing but in reality, they are not. To know how DMARC alignment work, you should know the difference between these two terms. The difference in these terms could help the mail being rejected or allowed.

The header from the domain is an address contained in the From field of an email, which is visible to all email users. If the IP address which is sending email on the behalf of  “envelope from” domain is not listed in that SPF record, then the message will fail SPF authentication.

Mail from domain address is also referred to as the Return-Path address, Envelope-Sender address, and the bounce address. which is not visible to the end-user and SPF check the domain in the Mail From address, not the header From address domain. Both addresses found at different location.

DMARC has two alignment modes:

  1. strict alignment: In this mode Both the domain must be identical or exact same.
  2. relaxed alignment: In this mode sub-domain of the same organization are set to be identical or same.

    • Related Articles

    • Can We Setup DMARC Using SPF?

      Yes, you can set up DMARC without DKIM and even if you only have DMARC and SPF setup. In cases where the DKIM check fails, DMARC authentication is dependent on the SPF check and SPF identifier alignment, which works but is not that optimal. DMARC ...

    • What Are The Different DMARC Records?

      A DMARC record is where DMARC rule sets are defined. It is a security protocol that will prevent fraudulent entities from misusing your domain to send emails. This record informs Internet service providers whether a domain is set up to use DMARC. ...

    • How Smart DMARC Works?

      KDMARC is an analytical tool that complements the Simple Mail Transfer Protocol (SMTP) by monitoring all three of the standard email authentication protocols namely SPF, DKIM and DMARC. It offers a number of features to secure your email domains ...

    • How Does SPF Compare To DMARC And Why Is DMARC Needed To Stop Domain Phishing And Spoofing?

      With this article, we will discuss what SPF does and what it does not: Does: SPF authenticates the sending server of the email based on the sending IPv4/IPv6 address. SPF focuses on a header that is not visible to the end-user (Return-Path, MAIL ...

    • Multiple DMARC Records Issue

      In case you want to know how many DMARC records you can have on a single domain, the only correct answer is ‘ONE’. A domain must not have more than one DMARC record if you want the DMARC processing to work successfully on that domain.  A DMARC record ...