Domain Alignment: Difference between revisions
Revision as of 00:07, 3 September 2023
Domain alignment happens when two domains align. For example: if the sender domain (RFC5322.From) of an E-Mail matches the envelope-from of the same E-Mail, they align.
- Strict alignment means the matching domains are exactly the same.
- Relaxed alignment means the matching domains have the same responsible domain. For example, mail.example.com and bounce.example.com would align in relaxed mode.
Sending IP / Hostname
Each sending IP should resolve through a reverse DNS (PTR) lookup to a domain. This domain is the "hostname". Each hostname should in turn resolve to an IP, and this IP should be the same sending IP we started from.
Example from Gmail with sending IP 2a00:1450:4864:20::632:
$ host 2a00:1450:4864:20::632
2.3.6.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.5.4.1.0.0.a.2.ip6.arpa domain name pointer mail-ej1-x632.google.com.
$ host mail-ej1-x632.google.com
mail-ej1-x632.google.com has IPv6 address 2a00:1450:4864:20::632
Hostname / HELO/EHLO
According to RFC 5321, section 4.1.1.1, it's required for hostnames to align with the HELO/EHLO:
The argument field contains the fully-qualified domain name of the SMTP client if one is available.
Hostname and HELO/EHLO in InboxSys
To check your hostname and HELO/EHLO configuration, send a message to your seedlist and look in the MTA configuration section of the E-Mail analysis.
SPF identifier alignment
SPF aligns when the RFC5321.MailFrom domain matches the RFC5322.From domain. In layman's terms: when the envelope-from domain matches the sender domain.
HELO/EHLO tests
If an incoming message has no envelope-from (RFC5321.MailFrom), SPF falls back to the HELO/EHLO domain. Examples of messages without envelope-from are Delivery Status Notification messages. For this reason, it's recommended to align the HELO/EHLO to the RFC5321.MailFrom.
DKIM alignment
DKIM aligns when the sender domain matches the signing domain. Stated more precisely: when the RFC5322.From domain (also "Agent or User Identifier"), represented in the i-switch, matches the "Signing Domain Identifier", represented in the d-switch.
Alignment in DMARC
DMARC only passes if SPF or DKIM passes with some form of alignment, relaxed or strict. This can be configured in the DMARC DNS TXT record using the following switches:
- aspf: SPF alignment. Options are "s" for "strict" or "r" for "relaxed".
- adkim: DKIM alignment. Options are "s" for "strict" or "r" for "relaxed".
The adkim and aspf switches are optional. The default value for adkim and aspf is "r".
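The strict and relaxed checks described above can be expressed as follows. This is an added example, not code from InboxSys or from the original page. It assumes a small constructed suffix set in place of the real Public Suffix List, and the function names and sample domains are hypothetical.

```python
# Added example: DMARC identifier alignment, strict ("s") vs relaxed ("r").
# ASSUMPTION: real code derives the responsible (organizational) domain from
# the Public Suffix List; this small constructed set stands in for it.
PUBLIC_SUFFIXES = {"com", "org", "net", "co.uk"}

def org_domain(domain):
    """Public suffix plus one label: mail.example.co.uk -> example.co.uk."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:  # longest suffix matches first
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels[-2:])  # unknown suffix: keep the last two labels

def parse_dmarc(record):
    """Split a DMARC TXT record into tags; aspf and adkim default to "r"."""
    tags = {"aspf": "r", "adkim": "r"}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def aligned(identifier, from_domain, mode):
    """Compare one authenticated identifier with the RFC5322.From domain."""
    if not identifier:
        return False
    a, b = identifier.lower().rstrip("."), from_domain.lower().rstrip(".")
    return a == b if mode.lower() == "s" else org_domain(a) == org_domain(b)

def dmarc_alignment(record, from_domain, mail_from, helo, spf_pass, dkim_d, dkim_pass):
    """Return which mechanisms pass with alignment and the DMARC outcome."""
    tags = parse_dmarc(record)
    spf_id = mail_from or helo  # empty envelope-from (e.g. a DSN): use HELO/EHLO
    spf_ok = bool(spf_pass) and aligned(spf_id, from_domain, tags["aspf"])
    dkim_ok = bool(dkim_pass) and aligned(dkim_d, from_domain, tags["adkim"])
    return {"spf": spf_ok, "dkim": dkim_ok, "dmarc": spf_ok or dkim_ok}

if __name__ == "__main__":
    # Constructed messages: same mail, relaxed default vs strict record.
    for record in ("v=DMARC1; p=reject", "v=DMARC1; p=reject; aspf=s; adkim=s"):
        print(record, dmarc_alignment(record, "mail.example.com",
              "bounce.example.com", "mta.example.com", True, "example.com", True))
```

With the relaxed defaults the constructed message aligns on both SPF and DKIM; with aspf=s and adkim=s the same message aligns on neither, because the subdomains differ.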
Link- and imagedomains / Sender domains
None of the examples above touches the E-Mail content. Nonetheless, InboxSys discovered that domain alignment in the content of the message does make a difference.
After multiple A/B tests with InboxSys, it was discovered that E-Mail deliverability improves when the image- and linkdomains align to one of the sender domains, RFC5321.MailFrom or RFC5322.From. With SPF identifier alignment, those domains would share the same responsible domain anyway.
SPF in InboxSys app
To check your messages for phishing linkdomain alignment, send a message to your seedlist and look in the Links section of the E-Mail analysis.
Phishing-like links
Main article: Phishing links
A/B tests with InboxSys also revealed an effect within HTML links. Here is an example of a phishing-like HTML link:
<a href="https://inboxsys.com">www.bankofamerica.com</a>
If the link text contains any domain, it should be the same domain as the link location itself.