What is the new "Alignment" line in Gmail's "Show Original" and how does it relate to email authentication?
Matthew Whittaker
Co-founder & CTO, Suped
Published 17 May 2025
Updated 18 Aug 2025
7 min read
The digital landscape of email is constantly evolving, and keeping up with changes from major mailbox providers like Google is crucial for reliable delivery. Recently, I've observed a new "Alignment" line appearing in Gmail's "Show Original" view, sparking conversations among senders and deliverability professionals. This new indicator provides more transparency into how Gmail evaluates the authenticity of an email, specifically focusing on the relationship between your visible "From" address and your email authentication protocols like SPF and DKIM.
When you view the "Show Original" option in Gmail, you're presented with a detailed breakdown of an email's technical attributes. The new "Alignment" line is a visual cue, indicating whether the domain in the "From" header (the one your recipients see) matches the domains used for SPF or DKIM authentication. This check helps Gmail confirm that the email truly originated from the domain it claims to be from, reducing the likelihood of spoofing and phishing attempts.
This new visibility simplifies the process of checking your email's authenticity status. Previously, you might have had to parse complex headers manually to determine if SPF or DKIM alignment was successful. Now, Gmail provides a clearer, at-a-glance summary, which is a welcome change for senders looking to quickly diagnose potential deliverability issues.
Accessing email headers
To check the authentication results and alignment status of any email received in Gmail, follow these simple steps. This view provides critical insights into how Gmail processes your messages.
Open email: Open the email message in your Gmail inbox.
Click more options: Click the three vertical dots (More options) next to the "Reply" arrow at the top right of the email.
Select "Show original": Select "Show original" from the dropdown menu. A new tab will open displaying the full raw email headers, including the SPF, DKIM, and DMARC authentication results and the new "Alignment" line.
SPF and DKIM alignment explained
SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) are two fundamental email authentication standards. While they both verify email senders, their concept of "alignment" specifically refers to how the authenticated domain relates to the visible "From" address in an email. Understanding this distinction is vital for maintaining a strong sender reputation and ensuring your messages aren't flagged as suspicious.
SPF alignment occurs when the domain in the "Return-Path" (or MailFrom) header, which is the address mail servers use for bounces, matches the domain in the email's "From" header. When SPF passes but isn't aligned, it means the sending server is authorized, but the bounce-back address doesn't directly correspond to the visible sender domain, which can impact deliverability. You can learn more about why SPF passes in headers but not Google Postmaster Tools.
DKIM alignment, on the other hand, requires the domain specified in the DKIM signature (the "d=" tag) to match the domain in the "From" header. This ensures that the message hasn't been tampered with in transit and that the sender domain is genuinely responsible for the email. A significant aspect of modern email security, like the new Gmail/Yahoo changes, is the emphasis on DKIM alignment for all emails.
SPF alignment
Verifies the sending server's IP against the domain in the Return-Path header (also known as the MailFrom or Envelope-From domain). Alignment requires the Return-Path domain to match the From header domain.
Verifies that the message content hasn't been altered and links the email to the domain in the DKIM signature (d=tag). Alignment requires this DKIM domain to match the From header domain. This is why DKIM alignment with the 5322.From domain is important for email authentication.
Both relaxed and strict alignment options are available. Strict alignment requires an exact match, while relaxed allows subdomains.
DMARC and identifier alignment
DMARC (Domain-based Message Authentication, Reporting, and Conformance) is the protocol that ties SPF and DKIM together and uses their alignment results to determine whether an email is legitimate or should be rejected, quarantined, or allowed. For a DMARC check to pass, an email must pass either SPF authentication with SPF alignment, or DKIM authentication with DKIM alignment. It doesn't require both to be aligned, only one. You can learn more about how to concisely explain DMARC passing and identifier alignment.
The new "Alignment" line in Gmail's "Show Original" directly reflects this DMARC requirement. If an email successfully passes DMARC, even if only via SPF alignment, Gmail will generally display a "DMARC: PASS" status. However, if there's no DMARC record, or if both SPF and DKIM fail to align (even if they pass authentication), Gmail might show a warning message indicating a potential spoofing attempt. This is especially relevant in the context of Google's security requirements for senders.
Authentication Method
Authentication Status
Alignment Status
DMARC Outcome
Gmail "Show Original" Display
SPF
Pass
Aligned
Pass
DMARC: PASS
DKIM
Pass
Aligned
Pass
DMARC: PASS
SPF
Pass
Not Aligned
Fail (if DKIM fails alignment)
Warning or DMARC: FAIL
DKIM
Pass
Not Aligned
Fail (if SPF fails alignment)
Warning or DMARC: FAIL
None
Fail
N/A
Fail
Warning: Sender identity might be spoofed
Impact on email deliverability
The introduction of this clearer alignment indicator by Google underscores their ongoing commitment to combating email abuse. If your emails consistently show alignment warnings or DMARC failures in Gmail's "Show Original," it's a strong sign that your messages are at higher risk of being flagged by spam filters or even landing on a blocklist (or blacklist). These visual cues in the header are part of a broader effort by mailbox providers to promote better email authentication practices.
Many ESPs, especially those catering to smaller senders or using shared IP pools, often utilize a subdomain for DKIM signing (e.g., s1.domain.esp.com) or the Return-Path (e.g., bounces.esp.com). While these might pass initial SPF and DKIM authentication, they can result in misaligned emails if the primary "From" domain (yourdomain.com) doesn't match the authenticated domains. This is often why you might see a "via" tag in Gmail even when DMARC passes.
Google and Yahoo's new sender requirements specifically emphasize the importance of DMARC and its alignment components. Senders who do not meet these requirements may experience increased spam placements or outright rejection of their emails. Ensuring proper alignment is no longer just a best practice, but a critical factor for maintaining email deliverability in 2024 and beyond.
Troubleshooting alignment issues
If you're noticing "Alignment" warnings or DMARC failures in your Gmail "Show Original" reports, it's time to investigate. The first step is to confirm your SPF, DKIM, and DMARC records are correctly published in your DNS. Beyond record validation, you need to ensure the domains used for authentication align with your "From" header domain. If you're experiencing issues, troubleshooting DMARC authentication failure and alignment issues is a good next step.
One common issue is when email service providers (ESPs) handle authentication. Some ESPs automatically sign emails with their own domain's DKIM key or use their domain for the MailFrom address, leading to misalignment with your "From" domain. In such cases, you need to configure custom domain authentication within your ESP, which often involves adding CNAME records to your DNS that point to their authentication infrastructure.
Common pitfalls and solutions
Misconfigured DNS records: Ensure SPF, DKIM, and DMARC records are correctly published and publicly accessible.
Incorrect ESP settings: Many ESPs, like MailChimp, require specific configurations for domain authentication and alignment. Review their documentation for custom domain setup.
Using shared IPs without custom authentication: Shared IP pools might lead to default ESP domains in authentication headers. Configure custom domain authentication to avoid misalignment and ensure your emails are not flagged for bad alignment.
Subdomain vs. root domain issues: Be aware of relaxed vs. strict DMARC alignment policies. If you're using a subdomain for authentication, ensure your DMARC policy allows for relaxed alignment (aspf=r or adkim=r).
Views from the trenches
Best practices
Always aim for DMARC pass, which requires either SPF or DKIM alignment, to ensure your emails are trusted by mailbox providers.
Prioritize DKIM alignment for stronger authentication, as it's less prone to breakage from forwarding than SPF.
Ensure your DMARC policy is published, as its presence helps Gmail interpret alignment results and apply appropriate actions.
Regularly monitor your email authentication results using tools like Google Postmaster Tools for any warnings or failures.
When using an ESP, configure custom domain authentication (dedicated DKIM and MailFrom domains) to achieve proper alignment.
Common pitfalls
Relying solely on SPF authentication without DKIM alignment can lead to DMARC failures, especially with email forwarding.
Ignoring "Alignment" warnings in Gmail's "Show Original" can result in emails being sent to spam or blocked without sender awareness.
Using generic or ESP-owned domains for DKIM signing, which prevents alignment with your brand's "From" domain.
Assuming a passed SPF or DKIM authentication automatically means DMARC alignment is also successful.
Making changes to authentication records without testing, which can lead to unexpected deliverability issues.
Expert tips
Expert from Email Geeks says: Focus on aligned DKIM rather than drawing attention to SPF, as DKIM is more robust for authentication.
Expert from Email Geeks says: If a DMARC record exists and passes, Gmail will show DMARC pass, even if it's only through SPF alignment.
Marketer from Email Geeks says: Gmail's new "Alignment" line and other display changes are part of ongoing UI adjustments, so observe for stability before making drastic changes.
Expert from Email Geeks says: Don't mess with DKIM signing order or other authentication configurations unless there's a clear impact on email delivery.
Marketer from Email Geeks says: Buggy alignment displays might be temporary, or related to specific double DKIM signing configurations.
Expert view
Expert from Email Geeks says: We want to encourage aligned DKIM and do not wish to draw attention to SPF. We have observed that if an email fails to meet alignment rules, Gmail now displays a warning message such as: 'The "From" header sender xxx does not match the DKIM domain xxx. Exercise caution with this message, as the sender may be attempting to spoof the "From" header identity.' Conversely, when alignment is successful, you will see the 'DMARC: PASS' confirmation.
Jan 4, 2024 - Email Geeks
Expert view
Expert from Email Geeks says: We are currently upgrading our MTA to sign with various individual domains. We expect DMARC to pass because SPF is aligned. If there is a DMARC record AND DMARC passes then you get DMARC pass even when it's just SPF alignment. If there is no DMARC record and DKIM doesn't align, you get the warning. Google appears to have fixed these display issues.
Jan 4, 2024 - Email Geeks
Ensuring proper email authentication
The new "Alignment" line in Gmail's "Show Original" view is a clear indicator of how seriously Google takes email authentication. It brings the crucial concept of identifier alignment to the forefront, making it easier for senders to understand whether their emails are properly authenticated and trusted. For optimal deliverability, it's essential not only to implement SPF, DKIM, and DMARC, but also to ensure that the domains used for these authentications align with your email's visible "From" address.
By proactively monitoring and addressing any alignment issues, you can significantly improve your chances of reaching the inbox and maintaining a strong sender reputation. Staying on top of these technical nuances is key to successful email programs in the modern email ecosystem.
The introduction of this clearer alignment indicator by Google underscores their ongoing commitment to combating email abuse. If your emails consistently show alignment warnings or DMARC failures in Gmail's "Show Original," it's a strong sign that your messages are at higher risk of being flagged by spam filters or even landing on a blocklist (or blacklist). These visual cues in the header are part of a broader effort by mailbox providers to promote better email authentication practices.
MailChimp, require specific configurations for domain authentication and alignment. Review their documentation for custom domain setup.
