Summary
Relaxed DMARC alignment allows a match between the From domain and the authenticating domain (SPF or DKIM) at the organizational domain level. This means subdomains can differ as long as they share the same organizational domain, offering more flexibility than strict alignment. SPF, unlike DMARC, doesn't inherently have alignment concepts; it validates the MAIL FROM domain. Within DMARC, SPF alignment means the MAIL FROM domain only needs to share the organizational domain as the From header. The authenticating SPF or DKIM domain must share the same organizational domain to achieve alignment.
Key findings
- Organizational Domain: Relaxed alignment focuses on organizational domains matching rather than exact domain matches.
- Flexibility: Relaxed alignment offers greater flexibility than strict alignment, allowing for subdomain variations.
- SPF and DMARC: SPF lacks inherent alignment concepts, but SPF alignment matters in the context of DMARC.
Key considerations
- Define Organizational Domain: Clearly define your organizational domain to ensure correct alignment under DMARC.
- SPF Record Placement: Ensure SPF records are properly configured for sending domains and subdomains.
- DMARC Policy Impact: Monitor DMARC reports to understand the effects of relaxed alignment and make adjustments as needed.
What email marketers say
8 marketer opinions
Relaxed domain alignment in DMARC allows for a match between the From domain and the authenticating domain (SPF or DKIM) at the organizational domain level. This means that subdomains can differ as long as they fall under the same primary domain. SPF, unlike DMARC, does not inherently have a concept of alignment or inheritance. Therefore, if there is no SPF record published for a specific subdomain, the system will not automatically check the parent domain.
Key opinions
- Organizational Domain Match: Relaxed alignment permits a match if the organizational domains are the same, regardless of subdomain differences (e.g., mail.example.com and example.com).
- Flexibility: Relaxed alignment provides more flexibility compared to strict alignment, which requires an exact domain match.
- SPF vs DMARC Alignment: SPF lacks inherent alignment concepts like DMARC; it validates the MAIL FROM domain without automatically checking parent domains.
Key considerations
- SPF Record Placement: Ensure SPF records are published at the appropriate domain level. If a subdomain sends email, it should have its own SPF record or rely on a properly configured policy at the organizational domain.
- Organizational Domain Definition: Understand how your organizational domain is defined for DMARC purposes, as this determines what constitutes a valid alignment.
- DMARC Policy Impact: A relaxed DMARC policy may offer more leeway, but also requires careful monitoring to ensure legitimate emails are properly authenticated while preventing spoofing.
Marketer view
Email marketer from SendLayer explains that when using relaxed alignment, the domain only needs to have the same organizational domain, not the exact same one. For example, yourdomain.com and mail.yourdomain.com would align.
11 Apr 2024 - SendLayer
Marketer view
Email marketer from Email Geeks explains that SPF doesn't have the concept of alignment or inheritance like DMARC. If there’s no SPF record published at subdomain3.domain.com, then it won’t check domain.com or even look at subdomain1.domain.com.
19 Jun 2022 - Email Geeks
What the experts say
4 expert opinions
Relaxed DMARC alignment allows a match between the SPF or DKIM authenticated domain and the From: domain at the organizational level domain. This means that any domain or hostname 'under' a main domain (e.g., domain.com) is considered aligned with any other hostname or domain under it, as long as they share the same organizational domain. SPF alignment exists specifically in the context of DMARC, not as a general property of SPF itself.
Key opinions
- Organizational Domain Alignment: Relaxed alignment focuses on matching organizational domains rather than requiring exact domain matches.
- Domain Hierarchy: Domains and hostnames 'under' the same organizational domain are considered aligned.
- SPF for DMARC: SPF alignment is specifically relevant within the context of DMARC.
Key considerations
- Organizational Domain Scope: Clearly define your organizational domain to ensure correct alignment.
- Authentication Method: Consider whether SPF or DKIM (or both) are being used for authentication and how they align with the From: domain.
- DMARC Policy Impact: Monitor DMARC reports to observe the effects of your relaxed alignment policy and adjust as necessary.
Expert view
Expert from Email Geeks explains that any two hostnames that share an organizational domain are aligned under DMARC.
18 Jan 2025 - Email Geeks
Expert view
Expert from Email Geeks clarifies that there’s SPF alignment for DMARC.
7 Jul 2024 - Email Geeks
What the documentation says
4 technical articles
Relaxed domain alignment in DMARC, as per multiple documentations, centers around matching the organizational domains. The 'From' domain and the authenticating domain (SPF's MAIL FROM or DKIM's d=tag) do not require an exact match. If the organizational domains are the same, the alignment is considered valid. For SPF, the Return-Path/Mail-From domain must pass SPF validation. Relaxed alignment allows for greater flexibility than strict alignment, as subdomains can differ as long as they fall under the same organizational domain.
Key findings
- Organizational Domain Match: Relaxed alignment validates alignment if the organizational domains are the same, regardless of subdomains.
- SPF Validation: The domain in the Return-Path/Mail-From for SPF must pass SPF validation.
- Flexibility: Relaxed alignment is more flexible than strict alignment, permitting subdomains to differ.
Key considerations
- Organizational Domain Definition: Clearly define the organizational domain.
- SPF Validation Setup: Ensure that the Return-Path/Mail-From domain has valid SPF configuration.
- DMARC Policy Implementation: Understand and implement a DMARC policy that leverages relaxed alignment appropriately for your email ecosystem.
Technical article
Documentation from RFC 7489 defines relaxed alignment as allowing the organizational domain to match. The 'From' domain and the authentication domain (SPF's MAIL FROM or DKIM's d=tag) do not need to be an exact match; they only need to share the same organizational domain.
20 Apr 2023 - RFC Editor
Technical article
Documentation from Microsoft responds that SPF checks the domain used during the SMTP handshake (MAIL FROM). Relaxed alignment in the context of SPF for DMARC means the MAIL FROM domain only needs to share the same organizational domain as the From header.
9 Nov 2022 - Microsoft
Against which domain is SPF checked?
Are SPF, DKIM, and DMARC as important in B2B as in B2C email marketing?
Are SPF, DKIM, and DMARC records necessary for transactional email servers not used for marketing?
Can DKIM be set up on a subdomain, and which domain should be used for signing?
Do SPF and DKIM records need to be aligned for all email service providers?
How do SPF, DKIM, and DMARC email authentication standards work?
