LoginGet Started

Outbound Security

DMARC RiComputerLine

Active Visibility

SPF Analyzer

Sender Identity

DKIM Validator

Cryptographic Security

BIMI Suite

Brand Verification

Inbound Security

MTA-STS

Enforced Encryption

TLS-RPT

Delivery Reporting

Utilities

Domain Audit

FREE

Full Security RiCheckLine

SVG Converter

FREE

BIMI Automation

PricingContact Us

Understanding Alignment Failures

DMARC requires not just authentication (passing SPF/DKIM) but Alignment. This is the most common cause of false positives (blocking legitimate email).

The Two "From" Addresses

Every email has two sender addresses:

  • Header From: The address the user sees in their email client (e.g., ceo@yourcompany.com).
  • Return-Path (Envelope From): The address servers use for bounces (e.g., bounces@mailchimp.com).

The Alignment Rule

For minimal compliance, at least ONE of SPF or DKIM must align. This means the domain used in the check must match the "Header From" domain.

Common Scenario: Mailchimp / Marketing Tools

By default, Mailchimp sends email signed by mailchimp.com. Even if SPF passes (the IP is authorized), the domain mailchimp.com does NOT match yourcompany.com.

The Fix: Custom Domains

You must configure "Custom Domain Authentication" in your tool settings. This forces the tool to use a subdomain of YOUR domain (e.g., marketing.yourcompany.com) for the Return-Path or DKIM signature, achieving alignment.