How does Google Workspace handle DMARC alignment for multiple domains?
Summary
What email marketers say6Marketer opinions
Marketer from Email Geeks confirms that Google Workspace works perfectly with multiple domains, subject to the caveats mentioned previously (likely referring to DKIM setup and domain aliases).
Email marketer from StackExchange shares that when you use multiple 'From:' addresses, each domain should be authenticated with its own DKIM signature. They highlight that the 'From:' domain needs to align with either the DKIM domain or the SPF domain for DMARC to pass.
Marketer from Email Geeks explains that G Suite's handling of multiple domains depends on how the second domain is added. If added as an alias, it uses the mapped domain in the 5321.From. If added as a separate domain, it works as expected. DKIM is per-domain and not automatic.
Email marketer from Reddit explains that DMARC alignment requires either SPF or DKIM to pass and align with the domain in the 'From:' header. They also stated that SPF alignment needs the 'Return-Path' domain to match the 'From:' domain, and DKIM alignment needs the 'd=' tag in the DKIM signature to match the 'From:' domain.
Email marketer from Email Marketing Forum details they send emails from multiple domains and are struggling with SPF and DKIM set up, specifically around alignment. They need advice on the correct steps to make the setup work correctly. It was suggested that the user use a DMARC record generation tool.
Email marketer from EasyDMARC shares that when using multiple domains, each domain must be independently authenticated using SPF and DKIM. They emphasize the importance of consistent 'From' header management to avoid DMARC failures and recommend using a DMARC analyzer to monitor alignment.
What the experts say3Expert opinions
Expert from Word to the Wise explains that SPF can be problematic with multiple domains because it checks the 'Return-Path', which may not align with the 'From' domain. DMARC alignment will fail if SPF fails. DKIM is generally preferred for alignment because it directly authenticates the 'From' domain, especially with multiple domains in Google Workspace.
Expert from Word to the Wise shares it is important to configure both SPF and DKIM correctly for each domain used within Google Workspace. She states that while SPF authenticates the sending server, DKIM authenticates the content and the 'From' domain, which is crucial for DMARC alignment. She also shares that you should ensure that the DKIM signature matches the 'From' domain for each domain you are sending from.
Expert from Email Geeks ties DMARC alignment issues to DKIM setup failures, resulting in a "sent via maindomain.com" header.
What the documentation says3Technical articles
Documentation from Google Workspace Admin Help explains that to ensure proper DMARC alignment, each domain should have its own DKIM keys set up, and SPF records should be configured to authorize Google Workspace to send emails on behalf of each domain. They also state that if you have multiple domains set up as domain aliases, the primary domain's DKIM and SPF records are used.
Documentation from dmarcian advises that for proper DMARC alignment across multiple domains, particularly in Google Workspace, ensure SPF is correctly configured to include all sending sources and DKIM signatures validate. They advise closely monitoring DMARC reports to identify and resolve any alignment issues, specifically regarding the organizational domain.
Documentation from Microsoft explains how DMARC works with Exchange Online. They suggest that with multiple domains, each domain should have its own DMARC, SPF, and DKIM records. This ensures that each domain is independently authenticated and protected against spoofing. They also specify setting up DKIM is critical to passing DMARC.