Alignment is a key concept in the introduction of DMARC; it is the requirement that the domain used for either a passing SPF or DKIM result MUST match the domain of the From header in the email message body.
Though SPF and DKIM are mostly familiar technologies, it’s important to understand that neither SPF or DKIM, on their own, have anything to do with the From address, which is what humans typically see on an email. This is why phishing, spoofing, Shadow IT and other unchecked/misuse of domains run rampant today. There are very few controls that prohibit bad actors from sending an email as you. The primary control to observe and restrict email domain usage is DMARC.
Identifier alignment is at the heart of DMARC. It is what makes the connection between the authentication mechanisms of SPF and DKIM and the enforcement policy for unauthenticated mail as dictated in the DMARC record. Alignment refers to the relationship between the domain in the From Header address and the domains associated with SPF and DKIM authentication checks. Alignment requires that these domains match. Only emails that are aligned can pass DMARC. A mismatch in domains will result in a DMARC fail.
The following examples illustrate the alignment relationship: