Domain Alignment

From InboxSys document library
Revision as of 00:18, 3 September 2023 by Sebastian (talk | contribs)
Jump to navigation Jump to search

Domain alignment happens when 2 domains align. For example: if the sender domain (RFC5322.From) from an E-Mail matches the envelope-from from the same E-Mail, they align.

  • Strict alignment means, the matching domains are exactly the same.
  • Relaxed alignment means, the matching domains have the same responsible domain. For example, mail.example.com and bounce.example.com would align relaxed.

Sending IP / Hostname

Each sending IP should resolve recursively to a domain. This domain is the "hostname". Each hostname should resolve to an IP. This IP should be the same sending IP we started from.

Example from Gmail with sending IP 2a00:1450:4864:20::632:

$ host -t ptr 2a00:1450:4864:20::632
2.3.6.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.5.4.1.0.0.a.2.ip6.arpa domain name pointer mail-ej1-x632.google.com.

$ host -t aaaa mail-ej1-x632.google.com
mail-ej1-x632.google.com has IPv6 address 2a00:1450:4864:20::632

Hostname / HELO/EHLO

According to RFC 5321, section 4.1.1.1, it's required for hostnames to align with the HELO/EHLO:

The argument field contains the fully-qualified domain name of the SMTP client if one is available.

Hostname and HELO/EHLO in InboxSys

To check your hostname and HELO/EHLO configuration, send a message to your seedlist and look in the MTA configuration section of the E-Mail analysis.

SPF identifier alignment

SPF aligns when the RFC5321.MailFrom domain matches the RFC5322.From domain. In laymen terms: When the envelope-from domain matches the sender domain.

HELO/EHLO tests

If an incoming message has no envelope-from (RFC5321.MailFrom), SPF falls back to the HELO/EHLO domain. Examples of messages without envelope-from are Delivery Status Notification messages. For his reason, it's recommended to align the HELO/EHLO to the RFC5321.MailFrom.

DKIM alignment

DKIM aligns when the sender domain matches the signing domain. In correct phrasing: when the RFC5322.From domain (also "Agent or User Identifier"), represented in the i-switch, matches the "Signing Domain Identifier", represented in the d-switch.

Alignment in DMARC

DMARC only passes if SPF or DKIM passes with some form of alignment, relaxed or strict. This can be configured in the DMARC DNS TXT record using the following switches:

  • aspf: SPF alignment. Options are "s" for "strict" or "r" for "relaxed".
  • adkim: SPF alignment. Options are "s" for "strict" or "r" for "relaxed".

The adkim and aspf switches are optional. The default value for adkim and aspf is "r".

Link- and imagedomains / Sender domains

None of the examples above touches the E-Mail content. Nonetheless, InboxSys discovered that domain alignment in the content of the message does make a difference.

After multiple A/B tests with InboxSys, it was discovered, that E-Mail deliverability improves when the image- and linkdomains align to one of the sender domains, RFC5321.MailFrom or RFC5322.From. With SPF identifier alignment, those domains would share the same responsible domain anyway.

SPF in InboxSys app

To check your messages for phishing linkdomain alignment, send a message to your seedlist and look in the Links section of the E-Mail analysis.

Phishing-like links

Main article: Phishing links

Another example where A/B tests with InboxSys revealed new discoveries, is within an HTML link. Here is an example of a phishing-like HTML link:

<a href="https://inboxsys.com">www.bankofamerica.com</a>

If the link text contains any domain, it should be the same link as the link location itself.