Though SPF and DKIM are mostly familiar technologies, it’s important to understand that neither SPF or DKIM, on their own, have anything to do with the “from address.” This is why phishing, spoofing, Shadow IT and other unchecked/misuse of domains run rampant today. There are very few controls that prohibit bad actors from sending an email as you. The primary control to observe and restrict email domain usage is DMARC.
Alignment is at the heart of DMARC; without a firm understanding of it, you may fall victim to a stalled-out project or inadvertently and unknowingly block legitimate email. We have a number of articles, videos, and reporting modules in our application that will help you. You’ve come to the right place!
In its simplest explanation, alignment refers to the relationship between what humans see in the “from” address and what the inbound machinery reads from the header portion of the email when checking domains in the DKIM and SPF record. Alignment requires that the “from” domain match either of the domains used in DKIM or SPF. Only emails that are aligned can pass DMARC.
The following examples illustrate the alignment relationship: