Is DMARC reject policy mandatory for From and Return-Path alignment?
Summary
What email marketers say (8 marketer opinions)
Email marketer from Mailhardener Blog explains that when DMARC policy is set to reject, it means that emails failing DMARC checks should be rejected by the recipient's mail server. However, this doesn't inherently mandate that 'From' and 'Return-Path' must be aligned, but it's crucial that either SPF or DKIM aligns for DMARC to pass.
Email marketer from Reddit explains that the reject policy in DMARC tells receiving mail servers to reject messages that fail DMARC checks. While alignment between the 'From' header and 'Return-Path' isn't explicitly enforced, it's implied because either SPF or DKIM needs to pass and align with the 'From' domain for a message to be considered legitimate.
Email marketer from SparkPost states that DMARC requires alignment between the domain in the 'From' address and the domain used for SPF or DKIM authentication. A 'reject' policy means that messages failing this alignment (and therefore failing DMARC) should be rejected, but the alignment is focused on the authentication mechanisms, not necessarily a direct comparison between 'From' and 'Return-Path'.
Email marketer from EasyDMARC answers that a DMARC policy of 'reject' means that non-aligned emails will be rejected if they fail authentication. However, it does not mean From and Return-Path need to be strictly aligned as long as DKIM alignment passes.
Email marketer from AuthSMTP shares that a DMARC record with a policy set to reject means that if the email fails the DMARC authentication checks it should be rejected. For an email to pass DMARC one of SPF or DKIM must pass and be aligned.
Email marketer from GlockApps Blog shares that when DMARC is set to 'reject', emails that fail both SPF and DKIM alignment checks are supposed to be rejected by the receiving mail server. Alignment of the 'From' and 'Return-Path' isn't directly enforced; the underlying authentication mechanisms must align with the 'From' domain for DMARC to validate the email.
Email marketer from Postmark states the `reject` policy tells receiving servers what to do with messages that fail the DMARC check. DMARC relies on SPF and DKIM passing authentication and alignment checks. From and Return-Path alignment is not required as long as DKIM alignment passes.
Marketer from Email Geeks explains that DMARC alignment isn't necessary if DKIM aligns and authenticates.
What the experts say (3 expert opinions)
Expert from Email Geeks explains that either SPF or DKIM must align (and pass) for DMARC to pass.
Expert from Spam Resource explains that DMARC policies (including 'reject') do not require that the 'From' and 'Return-Path' domains match exactly. The key requirement is that the email passes either SPF or DKIM authentication and that the authenticating domain aligns with the domain presented in the 'From' address. This ensures that the sender is authorized to use the 'From' domain, even if the underlying infrastructure uses a different domain for the 'Return-Path'.
Expert from Word to the Wise explains that the DMARC 'reject' policy does not mandate that the 'From' and 'Return-Path' headers be strictly aligned. Instead, it requires that either the SPF or DKIM authentication mechanisms align with the domain in the 'From' header. This means that as long as one of these authentication methods validates and aligns, the email can pass DMARC even if the 'From' and 'Return-Path' are not identical.
What the documentation says (5 technical articles)
Documentation from Valimail explains that one of the requirements for DMARC is to meet either SPF or DKIM alignment. The From and Return-Path do not need to be aligned, only one of the authentication methods.
Documentation from DMARC.org details that for DMARC to pass based on SPF, the 'From' domain and the domain used to authenticate with SPF (i.e., the domain in the 'Return-Path') must align. Alignment can be strict or relaxed depending on the configuration but is necessary for SPF to be a valid authenticator under DMARC.
Documentation from Microsoft details how DMARC works with Exchange Online and explains that for a message to pass DMARC, it must either pass SPF authentication and SPF alignment, or DKIM authentication and DKIM alignment. The From and Return-Path do not need to be aligned, only one of the authentication methods.
Documentation from Google explains that Gmail uses DMARC to verify incoming mail. If a message fails DMARC validation, what happens next depends on the sender's DMARC policy. For an email to pass, either SPF or DKIM must pass and be aligned.
Documentation from RFC 7489, the standard defining DMARC, explains that DMARC relies on the alignment of domains between the 'From' header and the authentication results (SPF or DKIM). While a 'reject' policy doesn't intrinsically demand strict alignment of 'From' and 'Return-Path', it necessitates that the authentication method used (SPF or DKIM) does align with the 'From' domain.
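The pass/fail logic these sources describe, as an added example that is not taken from any of the cited sources: a simplified evaluator showing that a message with a non-aligned Return-Path still passes under p=reject when DKIM passes and aligns. The function names, the sample domains and the tiny suffix set standing in for the Public Suffix List are assumptions made for illustration.

```python
# Added example: simplified DMARC evaluation (RFC 7489 identifier alignment).
# Assumption: organizational domains come from a tiny constructed suffix set,
# not the full Public Suffix List a real receiver would use.
PUBLIC_SUFFIXES = {"com", "org", "net", "co.uk"}  # constructed, incomplete


def org_domain(domain):
    """Return the public suffix plus one label (organizational domain)."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels[-2:])


def aligned(auth_domain, from_domain, mode="r"):
    """mode 'r' = relaxed (same organizational domain), 's' = strict (exact)."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


def dmarc_disposition(from_domain, return_path_domain, spf_pass,
                      dkim_domain, dkim_pass, policy="reject",
                      aspf="r", adkim="r"):
    """Return (dmarc_result, action) the way a receiver honouring p= would."""
    # SPF counts only if it passes AND the Return-Path domain aligns with From.
    spf_ok = spf_pass and aligned(return_path_domain, from_domain, aspf)
    # DKIM counts only if it passes AND the d= domain aligns with From.
    dkim_ok = dkim_pass and aligned(dkim_domain, from_domain, adkim)
    if spf_ok or dkim_ok:
        return "pass", "deliver"
    return "fail", {"none": "deliver", "quarantine": "quarantine",
                    "reject": "reject"}[policy]


# Constructed scenarios: (From, Return-Path, SPF pass, DKIM d=, DKIM pass)
SCENARIOS = {
    "return_path_not_aligned_dkim_aligned":
        ("example.com", "bounces.esp.example.net", True, "example.com", True),
    "spf_aligned_only":
        ("example.com", "bounce.example.com", True, "esp.example.net", True),
    "both_pass_neither_aligned":
        ("example.com", "bounces.esp.example.net", True, "esp.example.net", True),
}

if __name__ == "__main__":
    for name, args in SCENARIOS.items():
        print(name, dmarc_disposition(*args))
```

The third scenario is the case a reject policy actually bounces: SPF and DKIM both pass for the sending service's own domain, but neither authenticated domain aligns with the From domain.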