Becoming DMARC compliant should be the goal of any business that sends email to current or potential customers. DomainKeys Identified Mail (DKIM) is a protocol that contributes to DMARC compliancy and enables a company to take responsibility for sent messages that can be verified by mailbox providers. Essentially, it allows the outbound domain to digitally sign email to provide legitimacy for the receiver. Once you have DMARC set up and begin reviewing your Delivery Center DKIM reports, both DKIM authentication and alignment categories will be important features of your data.

Authentication and Alignment

Like its SPF brethren, DKIM is evaluated on two levels for DMARC compliance: authentication and alignment. DMARC relies on these standards to reach full compliance. Therefore, each measure must pass for DMARC to be properly applied to your brand’s emails. If you haven’t published a DKIM record for all domains/subdomains that send email on your behalf, we advise you to do so now.

Basically, DKIM authentication means the transmitted message was correctly signed by the “d=” domain in the DKIM header. This authenticity vouches for the sent email on the sender’s behalf, which helps ensure delivery and reinforces brand trust by the recipient. To pass DKIM authentication, the inbound server will take relevant DKIM components of the email and check for a DKIM DNS record to confirm the signature matches. If it does, the message passes DKIM authentication.

Alignment is another DKIM test that consists of inboxes checking whether the Organizational domain name (in multiple parts of the message) matches. Emails pass this assessment when the <From:> header visible to the receiver matches the “d=” domain used in the DKIM header. By default, this match looks for the primary domain to sync between the two domains so messages that contain a subdomain will align.

To achieve 100% DMARC compliance, authentication and alignment must pass their respective test. Specific to your brand, confirming both DKIM authentication and alignment function correctly helps the domain achieve optimal DMARC compliance, resulting in higher email delivery rates to intended inboxes and less spoofing/phishing attacks. What business doesn’t want that?