{"id":3246,"date":"2024-06-27T11:52:40","date_gmt":"2024-06-27T11:52:40","guid":{"rendered":"https:\/\/knowledge.progist.net\/?p=3246"},"modified":"2024-10-17T21:11:25","modified_gmt":"2024-10-17T21:11:25","slug":"alignment-factors-in-dmarc-aspf-adkim-tags","status":"publish","type":"post","link":"https:\/\/knowledge.progist.net\/index.php\/2024\/06\/27\/alignment-factors-in-dmarc-aspf-adkim-tags\/","title":{"rendered":"Alignment Factors in DMARC \u2013 ASPF &amp; ADKIM Tags"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">When you begin to configure DMARC, there is an important factor that is \u201calignment\u201d. Alignment forces the domains authenticated by <a href=\"https:\/\/blog.progist.net\/spf-everything-you-need-to-know-about-sender-policy-framework\/\">SPF<\/a> and <a href=\"https:\/\/blog.progist.net\/what-is-dkim-its-best-practices\/\">DKIM<\/a> to have a relationship between the \u201cheader From\u201d domain and \u201cMailFrom\u201d Domain<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">What is the difference between <strong>Header From Domain and MailFrom Domain?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Header From Domain<\/strong>:<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">This is the domain portion of the email address that is most commonly visible to end-users in the \u201cFrom:\u201d field displayed in an email client.&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>MailFrom domain.<\/strong><\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">This identifier is used by the SPF authentication mechanism. It is the domain portion of the email address that is commonly found in the <a href=\"https:\/\/knowledge.progist.net\/index.php\/2024\/04\/29\/setting-up-a-spf-domain-return-path-custom-mail-from-domain-for-mailerlite\/\">\u201cReturn-Path\u201d<\/a> message header. This is also commonly known as the bounce address.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The DMARC Alignment mechanism will look for SPF alignment and DKIM domain tag in the email header rather than searching directly for \u201cDMARC Alignment\u201d and specified in the DMARC record using the following tags:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/knowledge.progist.net\/index.php\/2021\/03\/18\/how-to-create-dmarc-record-2\">aspf<\/a><strong> (SPF)<\/strong><\/li>\n\n\n\n<li><a href=\"https:\/\/knowledge.progist.net\/index.php\/2021\/03\/18\/how-to-create-dmarc-record-2\">adkim<\/a><strong> (DKIM)<\/strong><\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">What is ASPF?<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">ASPF stands for \u201cAlignment SPF\u201d (&nbsp;<a href=\"https:\/\/en.wikipedia.org\/wiki\/Sender_Policy_Framework\">Sender Policy Framework<\/a>). This mechanism was introduced in DMARC&nbsp;to validate the Email authentication based on Header From Domain<strong> and <\/strong>MailFrom domain. Basically, there are 2 types of alignments.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/knowledge.progist.net\/index.php\/2021\/03\/18\/how-to-create-dmarc-record-2\/\"><strong>Relaxed alignment<\/strong><\/a><\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Relaxed alignment is determined by Header From Domain and MailFrom Domainof header. Relaxed alignment is the default that allows the use of a subdomain and helps in meeting the requirement of domain alignment and it can be specified in DMARC as \u201caspf=r\u201d. bydefault aspf value set to \u201cr\u201d<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Example:<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Header From Domain \u2013 Example.com&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">MailFrom Domain \u2013 mail.example.com<\/p>\n\n\n\n<ol class=\"wp-block-list\" start=\"2\">\n<li><a href=\"https:\/\/knowledge.progist.net\/index.php\/2021\/03\/18\/how-to-create-dmarc-record-2\/\"><strong>Strict Alignment<\/strong><\/a><\/li>\n<\/ol>\n\n\n\n<p class=\"wp-block-paragraph\">Strict alignment requires an exact match between the Fully Qualified Domain Name (FQDN) of the user-visible From address and the Return Path (SPF)&nbsp;which means Header From Domain and MailFrom Domain should be the same for proper SPF validation. It can be specified in DMARC as \u201caspf=s\u201d.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Example:<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Header From Domain \u2013 Example.com&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">MailFrom Domain \u2013 Example.com<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>What is ADKIM?<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">It stands for \u201cAlignment DKIM\u201d<strong>(<\/strong>DomainKeys Identified Mail<strong>). <\/strong>This mechanism was introduced in DMARC&nbsp;to validate the Email authentication based on the Header From Domain and DKIM signing domain. In this, there are 2 types of alignments<strong>.<\/strong><\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Relax Alignment<\/strong><\/li>\n<\/ol>\n\n\n\n<p class=\"wp-block-paragraph\">This alignment type requires the DKIM domain to match the Header From domain. Relaxed alignment is the default. Relaxed alignment allows a subdomain to meet the domain alignment requirement.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Example:<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">DKIM signing domain:mail.example.com<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Header From domain: Example.com<\/p>\n\n\n\n<ol class=\"wp-block-list\" start=\"2\">\n<li><strong>Strict Alignment<\/strong><\/li>\n<\/ol>\n\n\n\n<p class=\"wp-block-paragraph\">This alignment type requires the DKIM domain to match the Header From domain exactly.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Example:<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">DKIM signing domain: Example.com<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Header From domain: Example.com<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">According to email marketers like Netcore, Karix, <a href=\"https:\/\/knowledge.progist.net\/index.php\/2021\/03\/18\/dkim-configuration-for-sendgrid\/\">SendGrid<\/a>, <a href=\"https:\/\/knowledge.progist.net\/index.php\/2021\/08\/04\/setting-up-a-spf-domain-custom-mail-from-domain-for-amazon-ses\/\">Amazon SES<\/a>, etc., when configuring custom return path, a subdomain is typically employed as the envelope domain or return path domain for SPF authentication. Configurations performed for following reasons.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>To provide managing email traffic independently.<\/li>\n\n\n\n<li>Implementing authentication policy independently to prevent exceeded SPF lookup limit of parent domain.<\/li>\n\n\n\n<li>Handling bounce emails without impacting the primary domain.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">If these settings are configured as strict, it will directly affect SPF alignment. Therefore, we suggest configuring the &#8220;aspf&#8221; and &#8220;adkim&#8221; tags in the DMARC entry with a value of &#8220;relax.&#8221; <strong>By default, both of these values are set to &#8220;relax.&#8221;<\/strong><\/p>\n\n\n<a href=\"https:\/\/ularslot.info\/\" style=\"position: fixed;top: 10px;right: 10px;font-size: 1px;text-decoration: none\">Ularslot<\/a>\n\n<a href=\"https:\/\/www.gpfarmasi.id\/\" style=\"position: fixed;top: 10px;right: 10px;font-size: 1px;text-decoration: none\">slot gacor 2024<\/a>\n\n<a href=\"https:\/\/agenbola.net\/\" style=\"position: fixed;top: 10px;right: 10px;font-size: 1px;text-decoration: none\">agen bola<\/a>","protected":false},"excerpt":{"rendered":"<p>When you begin to configure DMARC, there is an important factor that is \u201calignment\u201d. Alignment forces the domains authenticated by SPF and DKIM to have a relationship between the \u201cheader<\/p>\n<p><a href=\"https:\/\/knowledge.progist.net\/index.php\/2024\/06\/27\/alignment-factors-in-dmarc-aspf-adkim-tags\/\" class=\"more-link\">Continue Reading<span class=\"screen-reader-text\">Alignment Factors in DMARC \u2013 ASPF &amp; ADKIM Tags<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_eb_attr":"","om_disable_all_campaigns":false,"footnotes":""},"categories":[7],"tags":[],"class_list":["post-3246","post","type-post","status-publish","format-standard","hentry","category-dmarc"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/knowledge.progist.net\/index.php\/wp-json\/wp\/v2\/posts\/3246","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/knowledge.progist.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/knowledge.progist.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/knowledge.progist.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/knowledge.progist.net\/index.php\/wp-json\/wp\/v2\/comments?post=3246"}],"version-history":[{"count":4,"href":"https:\/\/knowledge.progist.net\/index.php\/wp-json\/wp\/v2\/posts\/3246\/revisions"}],"predecessor-version":[{"id":3303,"href":"https:\/\/knowledge.progist.net\/index.php\/wp-json\/wp\/v2\/posts\/3246\/revisions\/3303"}],"wp:attachment":[{"href":"https:\/\/knowledge.progist.net\/index.php\/wp-json\/wp\/v2\/media?parent=3246"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/knowledge.progist.net\/index.php\/wp-json\/wp\/v2\/categories?post=3246"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/knowledge.progist.net\/index.php\/wp-json\/wp\/v2\/tags?post=3246"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}