+

How does DMARC validation work?

DMARC validation can feel complicated not because it is, but because terms like authentication and alignment are thrown around without context. Hopefully this is the best explanation you will ever read about it.


For this record, DMARC validation passes if either of these two scenarios are true:

(1) Email passes both SPF authentication and relaxed alignment.

Let's break this down into both parts.

First, SPF authentication must pass. The receiving email server will check the Return-Path domain to find the appropriate SPF record to use for authentication. Visit the SPF section to see how authentication passes with each of your SPF records.

Second, SPF must be aligned. This means the Return-Path domain must be the same as the From address domain. Your SPF alignment is set to relaxed because you have aspf=r in your DMARC record. This means the Return-Path domain can be a child of the From address domain.

Return-Path: <xxxxxxxxx@bounce.dnsdigest.com>
From: info@dnsdigest.com
SPF is aligned in this scenario because your SPF alignment is relaxed.

If both of these conditions are met, DMARC validation passes regardless of DKIM authentication.

(2) Email passes both DKIM authentication and relaxed alignment.

Let's break this down into both parts.

First, DKIM authentication must pass. The receiving email server will check the DKIM signature to find the appropriate DKIM record to use for authentication.

Second, DKIM must be aligned. This means the DKIM signature must be the same as the From address domain. Your DKIM alignment is set to relaxed because you do not have adkim=s or adkim=r in your DMARC record. This means the DKIM signature domain can be a child of the From address domain.

Return-Path: <xxxxxxxxx@bounce.dnsdigest.com>
From: admin@dnsdigest.com
DKIM is aligned in this scenario because your alignment is relaxed.

If both of these conditions are met, DMARC validation passes regardless of SPF authentication.