domain alignment for dmarc

This week’s post comes from my old job with Inxmail,
a German software house specialized in email marketing.
I’m still managing a customer for them.

I’ve been requested to:

inform the customer about the options on authentication of the dispatch domain used
for sending mails via SPF, DKIM and DMARC
since they're using a DKIM version which is not supported anymore by Inxmail

After the initial attempt to avoid doing it and the annoyance to make something imposed by others,
I’ve decided to delve into the topic and understand more about it.

The world of “domain alignment for dmarc” has opened up in front of me.
I already knew something about it, just a few ideas a bit confused.

• the sending From address, that is visible to the recipients
• the Mail-From address (also called “envelope sender” or “return-path”),
  that is hidden and managed directly by the ESP to receive the bounced mails

In this case, the easier solution is to have at least the DKIM signing domain aligned with the From address.
Read “dkim domain made easy”, it explains how to delegate keys to the third party by using CNAMEs.

If possible, both SPF and DKIM authentications should have at least a “relaxed domain alignment” with the From address:

• SPF: the root domain of the Mail-From address must match the root domain of the From address
• DKIM: the root of the dkim signing domain must match the sending From domain

The online check tool to validate your SPF/DKIM settings has been updated too:
validate your email SPF settings sending an email message
validate your email DKIM settings sending an email message

Give it a try and send me your comments on the EmailTrends hello page

This blog post has been updated on 17/09/2020