▷ CSA_DMARC and Domain Alignment in Email Marketing

Not always everything is fine on the Internet. Spam, phishing, middleman attacks, spoofing, the list of network bad guys and their complex methods is long. And in almost all cases, it is a medium that we all use on a daily basis, e-mail …

For understandable reasons, cybercriminals do not use their own identity as a sender. Instead, they like to use well-known companies and brands, often banks, payment services, online stores, or delivery companies. In principle, any brand can be affected.

The pitfalls are so numerous that one becomes so suspicious that many Internet Service Providers (ISPs) check email very carefully before forwarding it to their customers, the email recipients. Small ISPs in particular even go so far as to reject all incoming emails and resend a bounce code, hoping that serious senders will make a second attempt at graylist delivery). Other ISPs require authentication procedures by mailers or whitelist senders certificate (eg with
Certified Senders Alliance (CSA) to deliver email messages.

This is a problem for brands, because they have a huge interest in ensuring that their email also reaches the recipient. Trust is the best portal for ISPs. If ISPs rate the sender of an email as trustworthy, it is very likely that the email will also be delivered to the inbox. This trust must first be gained, which Tobias Hercula, Director of Cyren’s Anti-Spam Research Team, calls “computing trust.” This is where field alignment comes in.

Domain alignment means that domains used in SPF (Sender Policy Framework) and DKIM (Domain Key Identified Mail) must match at least partially the source address of the mail. SPF and DKIM are a common specification for email authentication and the source address is the email address that is displayed to the email recipient as the sender address. Simply put, in a typical paper letter, the sender’s address on the envelope, the sender on the letter, and the signature at the bottom of the letter will match. In fact, this is self-evident, or do you trust a letter with different titles on the envelope and the letter?

However, it is not so simple with email, as many marketers rely on third-party service providers and email providers for their mailings. At the latest, the source address in the mail header and the physical address no longer match and domain alignment is no longer provided.

In such a case, Sebastian Kluth, Technical Director of Certified Senders Alliance (CSA), advises the domain owner to use a subdomain for sending through the email service provider, which makes it easier to set up and match. If this domain alignment is granted, it gives it a certain degree of trust with the ISPs.

Domain alignment is also a mandatory prerequisite for implementing DMARC (Domain-Based Message Authentication, Reporting, and Matching), another authentication procedure supported by many major ISPs such as AOL, Microsoft or Google. DMARC is based on the common SPF and DKIM specifications and makes email messages clearly identifiable to ISPs. In addition, the sender (brand) can specify how the ISP handles email messages that appear to come only from him.


For email marketers, good reputation and therefore reliability are very important, as they have a direct impact on the deliverability of emails. By implementing the DMARC protocol and aligning relevant domains, brands can ensure that their identity is not misused and their reputation is not seriously damaged. So email marketers should discuss the DMARC issue with their email service provider. For more information on DMARC and domain alignment, you can also visit the Certified Senders Alliance website at https://certified-senders.org/library/

Leave a Comment