<dkim> alignment for dmarc

dkim logo

dkim domain alignment for dmarc

DMARC is an email authentication standard, developed to combat spoofed domain mail.
On domain alignment it requires that:

   when a sender authenticates their email using SPF and/or DKIM,  
   at least one of the domains must align with the sending From domain

To get it within DKIM (DomainKeys Identified Mail),
the dkim signing domain (DKIM-Signature: d=…) must match the sending From domain.

DMARC allows two types of DKIM alignment: relaxed alignment and strict alignment.
If you do not specify strict alignment, relaxed alignment is assumed as the default.

relaxed alignment

With relaxed alignment, only the root of the dkim signing domain must match the sending From domain.
Relaxed alignment allows any subdomain to be used and still meet the domain alignment requirement.


strict alignment

With strict alignment, the dkim signing domain must match exactly the domain of the sending From address.


last updated on July 28, 2020

<dkim> check online