Since 2017, the number of emails sent and received internationally has grown each year as the internet has become more accessible. In 2020, 306.4 billion emails were sent and received every day; by 2025, this figure is expected to rise to approximately 376.4 billion per day.
This enormous volume brings a problem with it: email security. Hackers are always on the prowl looking for vulnerable victims to trick and steal from. But who exactly are these vulnerable victims? The ones who don’t have the latest security protocols set up on their sending and receiving domains. It has become increasingly important to protect your emails to safeguard data and money.
That brings us to our next question: what protocols should you be using to keep your systems secure?
Protocols such as DKIM, SPF, and DMARC ensure that your emails are secure and that you don’t get phished or spoofed. We’ll talk about these protocols in this article and the importance of DKIM and SPF alignment.
What is Domain Alignment?
Domain alignment (also known as identifier alignment) is a technique that guarantees an authenticated email domain matches the domain contained in the sender identity's ‘From’ header address. You must first authenticate your domain before you can execute domain alignment. Domain alignment is of two types:
Sender Policy Framework (SPF) Alignment – SPF alignment occurs when the return-path domain (also known as the sender domain or bounce domain) of the email you send matches the domain in your ‘From’ address. The ‘aspf’ parameter in a DMARC record governs how rigorously this is examined. If you do not include the optional ‘aspf’ setting, the default ‘relaxed’ value will be used.
DomainKeys Identified Mail (DKIM) Alignment – DKIM alignment is a little easier than SPF. DKIM alignment is successful when your DKIM ‘d=’ domain (the domain you're signing for using a DKIM signature) perfectly matches the domain used in your ‘From’ address.
Importance of SPF and DKIM Alignment
There are several advantages to having both SPF and DKIM alignment. To begin with, some email filters interfere with DKIM signatures or do not always examine them. A clobbered DKIM signature (most commonly observed as a ‘body hash did not validate’ authentication issue) indicates that an intermediate or receiving mail server altered something in the email message, and whatever they changed was a field or content region protected (signed) by the DKIM signature.
The DKIM signature is no longer valid if the message has been changed or tampered with. That is the purpose of DKIM: to provide evidence that the message was not altered after the sender hit ‘send’. In this situation, the failed check is evidence that the message was altered, so the signature is not trusted.
If you don’t have SPF aligned but do have DKIM, you won’t have any other standard to rely on if the DKIM signature is invalidated. Therefore, make sure to have SPF alignment as well. Your email will fail DMARC and may be rejected if it passes neither SPF nor DKIM.
However, if you have SPF alignment in place and an incorrectly configured DKIM alignment (or don't have DKIM in place at all), this is almost as good as the alternative. Your emails will pass SPF and will be properly aligned for SPF as well as DMARC, with the exception of email forwarding.
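The alignment rules and the SPF/DKIM fallback described above can be expressed as a short check. This is an added example, not EmailAuth's code; the function names, the sample records and the two-entry suffix set are constructed for illustration, and ‘adkim’ is the DMARC tag for DKIM alignment mode, which the article does not name.

```python
# Added example: DMARC identifier alignment (strict vs. relaxed) and the pass decision.
# Assumption: org_domain() uses a tiny constructed suffix set; real code should
# use the full Public Suffix List to find the organizational domain.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au"}  # constructed sample, not exhaustive


def org_domain(domain: str) -> str:
    """Return the organizational (registrable) domain of a hostname."""
    labels = domain.lower().rstrip(".").split(".")
    take = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    return ".".join(labels[-take:])


def parse_modes(dmarc_record: str) -> dict:
    """Read aspf/adkim from a DMARC TXT record; both default to relaxed ('r')."""
    tags = {}
    for part in dmarc_record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip().lower()
    return {"aspf": tags.get("aspf", "r"), "adkim": tags.get("adkim", "r")}


def aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    """Strict ('s') needs an exact match; relaxed ('r') compares organizational domains."""
    a, f = auth_domain.lower().rstrip("."), from_domain.lower().rstrip(".")
    return a == f if mode == "s" else org_domain(a) == org_domain(f)


def dmarc_pass(record, from_domain, return_path_domain, spf_pass,
               dkim_d=None, dkim_pass=False) -> bool:
    """DMARC passes when SPF or DKIM both passes and is aligned with 'From'."""
    modes = parse_modes(record)
    spf_ok = spf_pass and aligned(return_path_domain, from_domain, modes["aspf"])
    dkim_ok = (dkim_pass and dkim_d is not None
               and aligned(dkim_d, from_domain, modes["adkim"]))
    return spf_ok or dkim_ok


if __name__ == "__main__":
    relaxed = "v=DMARC1; p=reject"            # constructed records
    strict = "v=DMARC1; p=reject; aspf=s"
    # Subdomain bounce address: aligned under relaxed, not under strict.
    print(dmarc_pass(relaxed, "example.com", "bounce.example.com", True))
    print(dmarc_pass(strict, "example.com", "bounce.example.com", True))
    # Forwarded mail: SPF fails at the forwarder, aligned DKIM still carries DMARC.
    print(dmarc_pass(relaxed, "example.com", "example.com", False,
                     dkim_d="example.com", dkim_pass=True))
```

The last case shows why relying on SPF alone is fragile: drop the DKIM arguments from that call and the forwarded message fails DMARC.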
Now that you’ve thoroughly understood the working of DKIM and SPF, try out EmailAuth’s DKIM checker tool and SPF checker tool.