DKIM signature not aligned with DMARC record.

Owned by Product team
Dec 19, 2023
2 min read

Your sender domain has a DMARC policy p=none, but does not have a custom DKIM signature on the same domain, or on a domain related to the main domain. 

Therefore, formally the result of the DMARC check will be "FAIL."  

The p=none policy (observation mode) is provided precisely to have time to manage FAIL conditions on email domains. 

Having a p=none policy not aligned with the DKIM domain is not serious if it reflects a temporary phase, but we recommend that you complete the alignment of the sender domain and DKIM signature. 

Also, by now Mailbox Providers and major spam filters specifically require, and reward, the presence of a DKIM signature associated with the same sender domain. 

What to do.

DMARC recognizes the alignment condition if the sender domain and DKIM signature or Return-Path domain refer to the same main domain, 

According to our Deliverability experts, the optimal solution is to pursue the full alignment condition-both on DKIM and Envelope -From. 

This optimal condition can be enabled through the Brand Shield module for configuring custom domains.

Learn about Brand Shield

Activating Brand Shield will provide you with details for complete and uniform configuration of domains within your emails: 

  • Header From RFC5322

  • DKIM domain

  • Return-Path Domain RFC5321

  • Tracking link.

 

What is DMARC

Simply put, DMARC allows the owner of a domain, who is also the sender of email messages, to ask email providers not to deliver unauthorized messages that appear to come from their domain.

This mechanism is useful in preventing phishing and spoofing attacks.

From a technical perspective, DMARC (Domain-based Message Authentication, Reporting & Conformance) is a system based on DKIM and SPF authentications that helps receiving servers (e.g., Gmail, Yahoo, Libero) know what to do when a message cannot be authenticated. It does this by allowing the sender of an email to publish a "policy" on which mechanism (SPF, DKIM, or both) is used to send email and to instruct receiving servers on how to handle any authentication problems (monitor, spam, or reject messages).