domain alignment for dmarc

This week’s post comes from my old job with Inxmail,
a German software house specialized in email marketing.
I’m still managing a customer for them.

I’ve been requested to:

inform the customer about the options on authentication of the dispatch domain used
for sending mails via SPF, DKIM and DMARC
since they're using a DKIM version which is not supported anymore by Inxmail

After the initial attempt to avoid doing it and the annoyance to make something imposed by others,
I’ve decided to delve into the topic and understand more about it.

The world of “domain alignment for dmarc” has opened up in front of me.
I already knew something about it, just a few ideas a bit confused.

DMARC is an email authentication standard, developed to combat spoofed domain mail.
For domain alignment it requires that:

when a sender authenticates their email using SPF and/or DKIM,  
at least one of the domains must align with the sending From domain

Using ESP (Email Service Providers), like Inxmail, to send high quantities of messages,
you deal with two domains:

In this case, the easier solution is to have at least the DKIM signing domain aligned with the From address.
Read “dkim domain made easy”, it explains how to delegate keys to the third party by using CNAMEs.

If possible, both SPF and DKIM authentications should have at least a “relaxed domain alignment” with the From address:

I’ve published two new webpages on the website to explain it in details:
spf domain alignment for dmarc
dkim domain alignment for dmarc

The online check tool to validate your SPF/DKIM settings has been updated too:
validate your email SPF settings sending an email message
validate your email DKIM settings sending an email message

Give it a try and send me your comments on the EmailTrends hello page

This blog post has been updated on 17/09/2020