Domain Alignment: Identifier Alignment in From, DKIM, and Return Path Headers

Daria Kubacka, 12 June 2024


In 2024, global providers like Gmail and Yahoo have implemented a series of changes, primarily targeting bulk senders. These changes, already in effect, are part of a continuous update to security algorithms, with further modifications on the horizon. The increasing stringency of these updates necessitates swift adaptation by senders aiming to maintain high deliverability rates.

If this topic is new to you, we encourage you to read our first article on the new provider requirements:

How to Prepare for Gmail and Yahoo! Sender Requirements Before February 2024?

If you’ve been keeping up with the updates on Gmail and Yahoo’s requirements, you’ve probably come across the term “domain alignment” frequently.

What is Domain Alignment, Exactly?

Domain alignment involves using the same domain across various email headers. Currently, Gmail requires domain alignment in the DMARC record. Messages can pass DMARC alignment in one of two ways:

  1. DKIM Alignment: Using the sending domain in the From header (Header From) and matching it with the domain in the DKIM header (the d= value within email headers);
  2. SPF Alignment: Passing SPF verification by aligning the From header (Header From) domain with the Return Path (Envelope From) domain.

At EmailLabs, we recommend configuring full domain alignment and using both methods, as global providers are announcing the requirement of double alignment in the future.

You can enhance your sender credibility by aligning all three headers (Header From, Envelope From, and DKIM) with the same domain. Even now, despite the lack of a full alignment requirement, this practice is positively viewed by the security algorithms of receiving servers.


Domain alignment is a mechanism that ensures that the authenticated email domain is consistent with the domain found in the ‘From’ header address, representing the sender’s identity.

Headers: From, DKIM, Return-Path 

The From Header

The From Header is the field that displays the email address from which the message was sent. This address indicates the domain from which the email came.


The DKIM Header

The DKIM Header is a type of authentication that involves adding a digital signature to the email. This signature allows receiving server algorithms to verify that the message was sent from the sender’s server and that its content has not been altered during transmission.


The Return-Path Header

The Return-Path Header contains the email address to which the receiving server sends information about delivery failures. This allows the sender to receive notifications explaining the reasons for any delivery issues.


What Is Return Path?

These headers are likely familiar to all email senders but now require special attention. Failing to achieve domain alignment across these headers can negatively impact your email deliverability.

Maximize your email deliverability and security with EmailLabs!

What Does Domain Alignment Look Like Across all Headers?

Achieving full domain alignment requires ensuring that domains are identical in specific email headers. Here are three examples of successful domain alignment and one example where alignment fails.

  • Full Alignment Using the Same Domain: The DKIM header and Return Path use the same domain as the From header.
  • Full Alignment Using a Subdomain: A subdomain is used consistently across the DKIM header, Return Path, and From header.
  • Failed Alignment Using Different Domains: A different domain is used, resulting in a lack of alignment across the headers.

Ensuring domain alignment across these headers is crucial for maintaining high email deliverability.

Attempt to achieve domain alignment The From, DKIM, and Return Path headers use the same domain. A subdomain is used in the From, DKIM, and Return Path headers. A different domain is used in the From header than in the DKIM and Return Path headers
FROM Address
DKIM Header

How to Configure Records for Domain Alignment?

In the EmailLabs panel, you can find a free domain authentication configurator. To prepare for the changes from Google and Yahoo, log in to your panel and complete the authorization process today. Ensure that your configuration includes all the domains you use for sending emails.

You can find it in the Administrator > Sender Authorization tab


After adding your sending domain, you will receive a set of records to add to your domain’s DNS.


Read more about the individual steps here -> domain from authorization.

Using a Domain in From, DKIM, and Return-Path Headers for the First Time – What to Keep in Mind?

Every domain you start sending from requires a warm-up process. This involves gradually increasing your sending volume, starting with a small number of emails to your most engaged users and progressively expanding to your entire list. This process helps your domain gain credibility and recognition from providers as they observe a steady volume increase, which builds your domain’s reputation.

Example of a warm-up plan:

  Day 1 Day 2 Day 3 Day 4 Day 5 Day 6 Day 7
Week 1 100 300 500 1 000 3 000 10 000 20 000
Week 2 40 000 60 000 80 000 100 000 150 000 200 000 300 000
Week 3 400 000 500 000 600 000 800 000 1 000 000 1 100 000 1 200 000
Week 4 1 500 000 3 000 000 4 000 000 5 000 000 6 000 000 7 000 000 8 000 000

The same warm-up is required when changing the domain in the DKIM or Return-Path headers. When switching to a new authorization method that meets Gmail’s requirements, the email headers will show a domain that hasn’t been used in these headers before.

This can suggest a potential spoofing attempt for the receiving server’s algorithms since the domain in the header lacks a built reputation and appears as an unrecognized sender. Without proper domain warming, your emails may receive the following responses.

host[XX.XXX.XXX.XX] said: 421-4.7.28 Gmail has detected an unusual rate of unsolicited mail originating 421-4.7.28 from your DKIM domain [ 36]. To protect our users from spam, 421-4.7.28 mail sent from your domain has been temporarily rate limited. For 421-4.7.28 more information, go to 421-4.7.28 to 421 4.7.28 review our Bulk Email Senders Guidelines. e7-20020a056a001a8700b006d3c35096dcsi3379574pfv.320 – gsmtp (in reply to end of DATA command)


A deferred status message will appear in the email logs if you use domain alignment in the DKIM header. Due to the domain not being recognized and the increase in sending volume, your messages might be throttled.

host[XX.XXX.XXX.XX] said: 421-4.7.28 Gmail has detected an unusual rate of unsolicited mail originating 421-4.7.28 from your SPF domain [35]. To protect 421-4.7.28 our users from spam, mail sent from your domain has been temporarily 421-4.7.28 rate limited. For more information, go to 421-4.7.28 to 421 4.7.28 review our Bulk Email Senders Guidelines. nd8-20020a17090b4cc800b0029accb393f9si701470pjb.146 – gsmtp (in reply to end of DATA command)


Domain recognition is based on the SPF alignment verification. Similarly, if the domain hasn’t been properly warmed up, your messages could be throttled.

Both messages indicate that Gmail’s servers have temporarily delayed emails from the domain used in the DKIM or Return-Path headers.

Throttling emails from unrecognized domains is a common practice by Gmail when their spam filters suspect that the sending activity could pose a risk.

If you receive such messages after implementing domain alignment, it means your configuration is correct, and the domain is now visible in the relevant header. However, you have sent emails without proper domain warming. The best solution is to monitor your sends and start a gradual warm-up process to build the domain’s reputation from scratch.

PROTIP! If you’ve previously used a subdomain of your sending domain in the DKIM or Return-Path headers for part of your email communication, consider using it for all your emails! Using a subdomain that has already been used for a long time with DKIM or Return Path headers will help you avoid a long warm-up process!


Ensure your emails have domain alignment in the DKIM and Return-Path headers to maximize your deliverability rate. After changing your configuration, remember to warm up your sends! Start with low volumes when sending with new domains in the headers.

If you want to use a dedicated configurator, work with EmailLabs! Create an account now!

Click here to check our pricing.

Good Luck! 💌

Create an account with EmailLabs today!

Stay compliant with the strict requirements of Gmail and Yahoo!

Most popular

Latest blog posts