What is identifier alignment?

DMARC uses the concept "identifier alignment" to authenticate emails. Only if an email passes SPF/DKIM validation and the identifier alignment check, the email is DMARC aligned.

What is identifier?

The word "identifier" means the domain used to validate SPF or DKIM.

In the SPF scenario, it's the envelope sender address (sometimes also called the Return-Path address) is used during the transport of the message from one mail server to another. It is usually not displayed to the user by email programs. Here is an example of Return-Path address in Gmail:

image

In the DKIM scenario, it's the d= domain in the DKIM signature found in an email's headers. Here is an example of d= domain in Gmail:

image

What is identifier alignment?

The header sender address (also called From address) of an email MUST match the identifier in order to constitute "identifier alignment". The header sender address of an e-mail message is contained in the "From" or "Sender" header and is what is displayed to the user by email programs. Below is an example of From address in Gmail:

image

Senders can specify a "strict" or "relaxed" mode in terms of enforcing identifier checks. In "strict" mode, all identifiers must match the From address domain. In "relaxed" mode, the organizational domains must match. The "relaxed" mode is the default.

Do you find this article useful?

 
1
 
0