If you are an email marketer or brand that sends out regular email campaigns, you would agree with us when we say that building trust with your audience is the key to converting them into your customers. But how do you build that trust, especially through email campaigns?

One way is to craft email content in a way that recognizes their needs and delivers what they want to hear. Apart from this, there’s another way to reinforce your brand’s integrity and legitimacy among your clients— signing your emails with DKIM

This is a simple yet significant way to ensure that your email content has not been altered in transit, which also helps establish trust with your recipients. There’s more to DKIM than simply signing your emails with a digital signature; it also plays a crucial role in DMARC compliance by verifying that the parent domain of the email that is used to create the DKIM signature matches the “From” domain in the header. This is what we call DKIM alignment. 

Let’s dive deep into what it means and how it can impact your overall email hygiene.


What is DKIM Alignment?

Before you fall into the trap, we would like to clear things out— DKIM authentication and alignment are not the same! While most people use them interchangeably, they are two ways to evaluate DKIM and are vastly different from each other. 

DKIM authentication simply involves adding a digital signature generated with a private key to the email header, which is then verified by the recipient’s server with the public key that is published in the sender’s DNS.

When it comes to DKIM alignment, things go a step further than this. This step ensures that the domain in the DKIM signature (the d= domain) matches the domain in the “From” header of the email. This alignment is crucial because it adds an additional layer of trust, confirming that the email is not only uncompromised but also comes from the trusted domain.


DKIM signature


What are the Two Types of DKIM Alignments?

If there’s one claim that we can make with utmost surety, it’s that each organization has its own unique needs and goals for its email campaigns, and following a singular approach will simply not suffice. To cater to these ever-evolving needs, DKIM offers two alignment modes: strict and relaxed

Here’s a breakdown of what these alignment modes entail and what they mean for your email authentication strategy.


Relaxed DKIM Alignment (adkim=r)

This alignment mode offers some flexibility when it comes to matching the d= domain and the “From” domain. In this mode, it isn’t necessary for the two fields to exactly match each other. Instead, the d= domain can either match the “From” domain exactly or be a subdomain of the “From” domain.  

For instance, DKIM alignment will pass in the following cases:

  • d=example.com & From: example.com 
  • d=email.example.com & From: example.com 

However, if d=example.email.com & From: example.com are there, then DKIM alignment will fail. 


strict DKIM alignment


Strict DKIM Alignment (adkim=s)

When it comes to strict DKIM alignment, the approach followed is more stringent. That is to say, for DKIM to align in the strict mode, the d= domain and the “From” domain should exactly match. This is done to ensure that no one tries to misuse your domain and the authenticity of your emails is maintained. Since this strict alignment offers no room for discrepancy or variations and offers a high level of security, it is ideal for financial institutions, government agencies, etc. 

In such cases, DKIM alignment will only pass if:

  • d=example.com & From: example.com 

It will fail if:

  • d=email.example.com & From: example.com 


What Does it Mean for DMARC?

It is no surprise that DMARC is considered the ultimate benchmark for email authentication and security, but without SPF and DKIM, this authentication protocol is incomplete. That is to say, DMARC relies on SPF and DKIM to validate the authenticity of email messages and to ensure they are not spoofed. So, for your emails to safely and effectively reach your recipient’s inbox, it’s essential to properly configure and align these protocols.

Speaking of alignment, if you configure DKIM with relaxed alignment, all your emails (sent from the parent domain and subdomains) will pass DMARC checks and make their way into the receiver’s inbox. However, with strict DKIM alignment, you can expect stronger DMARC validation and enhanced protection against spoofing.


spoofing protection

Image sourced from extnoc.com


As we have already established earlier, DKIM alignment is not just about ensuring the domains used in the signature and the header match. It goes beyond cursory verification and extends to improving email deliverability, enhancing customer trust, and mitigating the risk of spoofing. 

With stakes so high, you cannot afford to be complacent when choosing the appropriate type of DKIM alignment. What you can do is partner up with DuoCircle, your ally in all the things related to email authentication. Our team of experts will help you ease out all your DKIM alignment woes and work with you to secure your organization’s digital assets. To know how, book a demo with us today! 

Pin It on Pinterest

Share This