RS - Domain alignment for dmarc
This week’s post comes from my old job with Inxmail,
a German software house specialized in email marketing.
I’m still managing a customer for them.
I’ve been requested to:
inform the customer about the options on authentication of the dispatch domain used for sending mails via SPF, DKIM and DMARC since they're using a DKIM version which is not supported anymore by Inxmail
After the initial attempt to avoid doing it and the annoyance to make something imposed by others,
I’ve decided to delve into the topic and understand more about it.
The world of “domain alignment for dmarc” has opened up in front of me.
I already knew something about it, just a few ideas a bit confused.
DMARC is an email authentication standard, developed to combat spoofed domain mail.
For domain alignment it requires that:
when a sender authenticates their email using SPF and/or DKIM, at least one of the domains must align with the sending From domain
Using ESP (Email Service Providers), like Inxmail, to send high quantities of messages,
you deal with two domains:
- the sending From address, that is visible to the recipients
- the Mail-From address (also called “envelope sender” or “return-path”),
that is hidden and managed directly by the ESP to receive the bounced mails
In this case, the easier solution is to have at least the DKIM signing domain aligned with the From address.
Read “dkim domain made easy”, it explains how to delegate keys to the third party by using CNAMEs.
If possible, both SPF and DKIM authentications should have at least a “relaxed domain alignment” with the From address:
- SPF: the root domain of the Mail-From address must match the root domain of the From address
- DKIM: the root of the dkim signing domain must match the sending From domain
I’ve published two new webpages on the RealSender.com website to explain it in details:
spf domain alignment for dmarc
dkim domain alignment for dmarc
The online check tool to validate your SPF/DKIM settings has been updated too:
validate your email SPF settings sending an email message
validate your email DKIM settings sending an email message
Give it a try and send me your comments on the EmailTrends hello page
This blog post has been updated on 17/09/2020